8b0a5fb1...7d7d

Monitored Processes

Process Overview

ID	PID	Monitor Reason	Integrity Level	Image Name	Command Line	Origin ID
#1	0x6c8	Analysis Target	High (Elevated)	dfylx.exe	"C:\Users\FD1HVy\Desktop\DfyLx.exe"	-
#3	0x1b4	Child Process	High (Elevated)	cmd.exe	"C:\WINDOWS\System32\cmd.exe" /C REG ADD "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "svchos" /t REG_SZ /d "C:\Users\FD1HVy\Desktop\DfyLx.exe" /f	#1
#5	0x6fc	Injection	Medium	sihost.exe	sihost.exe	#1
#6	0x718	Injection	Medium	svchost.exe	C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup	#1
#7	0x7ac	Injection	Medium	taskhostw.exe	taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}	#1
#8	0x174	Child Process	High (Elevated)	reg.exe	REG ADD "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "svchos" /t REG_SZ /d "C:\Users\FD1HVy\Desktop\DfyLx.exe" /f	#3
#9	0xb50	Injection	Low	shellexperiencehost.exe	"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca	#1
#10	0xb58	Injection	Low	searchui.exe	"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca	#1
#11	0xbf4	Injection	Medium	runtimebroker.exe	C:\Windows\System32\RuntimeBroker.exe -Embedding	#1
#12	0xf14	Injection	Medium	taskhostw.exe	taskhostw.exe	#1
#13	0xfd0	Injection	Medium	msoia.exe	"C:\Program Files\Microsoft Office\root\Office16\msoia.exe" scan upload mininterval:2880	#1
#14	0xff8	Injection	Medium	msoia.exe	"C:\Program Files\Microsoft Office\root\Office16\msoia.exe" scan upload	#1
#15	0xc14	Injection	Medium	apphostregistrationverifier.exe	C:\WINDOWS\system32\AppHostRegistrationVerifier.exe	#1
#16	0x7fc	Injection	Medium	dllhost.exe	C:\WINDOWS\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}	#1

Behavior Information - Grouped by Category

Process #1: dfylx.exe

396

Information	Value
ID	#1
File Name	c:\users\fd1hvy\desktop\dfylx.exe
Command Line	"C:\Users\FD1HVy\Desktop\DfyLx.exe"
Initial Working Directory	C:\Users\FD1HVy\Desktop\
Monitor	Start Time: 00:00:24, Reason: Analysis Target
Unmonitor	End Time: 00:01:13, Reason: Self Terminated
Monitor Duration	00:00:48

OS Process Information

Information	Value
PID	0x6c8
Parent PID	0x860 (c:\windows\explorer.exe)
Bitness	64-bit
Is Created or Modified Executable
Integrity Level	High (Elevated)
Username	NQDPDE\FD1HVy
Enabled Privileges	SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs	0x DA4 0x DC0 0x D8C 0x F9C 0x F98 0x F90 0x F7C 0x F84

Memory Dumps

Name	Start VA	End VA	Dump Reason	PE Rebuilds	Bitness	Entry Points	AV	YARA	Actions
dfylx.exe	0x7FF7F2C60000	0x7FF7F2FEDFFF	Relevant Image	-	64-bit	-			... Region Actions Download Dump Go to AV Match

Host Behavior

File (5)

Operation	Filename	Additional Information	Count	Logfile
Create	C:\users\Public\sys	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN	1	Fn
Open	STD_INPUT_HANDLE	-	1	Fn
Open	STD_OUTPUT_HANDLE	-	1	Fn
Open	STD_ERROR_HANDLE	-	1	Fn
Delete	-	-	1	Fn

Process (177)

Operation	Process	Additional Information	Count	Logfile
Create	C:\WINDOWS\System32\cmd.exe	show_window = SW_HIDE	1	Fn
Enumerate Processes	-	-	73	Fn
Enumerate Processes	-	-	1	Fn
Open	System	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\windows\system32\smss.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\windows\system32\csrss.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\windows\system32\wininit.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\windows\system32\csrss.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\windows\system32\winlogon.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\windows\system32\services.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\windows\system32\lsass.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\windows\system32\fontdrvhost.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\windows\system32\fontdrvhost.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\windows\system32\dwm.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\windows\system32\spoolsv.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\windows\system32\audiodg.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\windows\system32\sihost.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_ALL_ACCESS	2	Fn
Open	c:\windows\system32\taskhostw.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\windows\system32\securityhealthservice.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\windows\explorer.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	-	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\windows\systemapps\shellexperiencehost_cw5n1h2txyewy\shellexperiencehost.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\windows\system32\runtimebroker.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\windows\system32\wbem\wmiprvse.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\windows\system32\taskhostw.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\program files\common files\microsoft shared\clicktorun\officec2rclient.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\windows\system32\usoclient.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\program files\common files\microsoft shared\clicktorun\officec2rclient.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\program files\microsoft office\root\office16\msoia.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\windows\system32\taskhostw.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\windows\system32\devicecensus.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\windows\system32\unp\unpcampaignmanager.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\program files\microsoft office\root\office16\msoia.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\windows\system32\apphostregistrationverifier.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\program files\microsoft office\screensaver.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\program files (x86)\windows mail\edge_empty_suite.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\program files (x86)\mozilla maintenance service\religion.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\program files\microsoft office 15\spirit forces.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\program files\windows portable devices\guests_production.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\program files\rempl\archiveddeemedshirts.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\program files\microsoft office 15\him.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\program files\rempl\anymore_recorder.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\program files\windows multimedia platform\kw-necklace-lee.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\program files (x86)\mozilla maintenance service\surfaces.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\program files (x86)\windows portable devices\removableglobaldiverse.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\program files\windows nt\bravescuba.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\program files (x86)\windows sidebar\delivering product tank.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\program files\uninstall information\exhaustwires.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\program files\msbuild\payingbasin.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\program files (x86)\common files\emission.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\program files\windows multimedia platform\using sandy.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\program files\uninstall information\adjusted_eyes_shoot.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\program files (x86)\windows nt\pmc.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\windows\system32\dllhost.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\windows\system32\conhost.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\windows\system32\conhost.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\windows\system32\cmd.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\windows\system32\sihost.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\windows\system32\taskhostw.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\windows\systemapps\shellexperiencehost_cw5n1h2txyewy\shellexperiencehost.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\windows\system32\runtimebroker.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\windows\system32\taskhostw.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\program files\microsoft office\root\office16\msoia.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\program files\microsoft office\root\office16\msoia.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\windows\system32\apphostregistrationverifier.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\program files\microsoft office\screensaver.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\program files (x86)\windows mail\edge_empty_suite.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\program files (x86)\mozilla maintenance service\religion.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\program files\microsoft office 15\spirit forces.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\program files\windows portable devices\guests_production.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\program files\rempl\archiveddeemedshirts.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\program files\microsoft office 15\him.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\program files\rempl\anymore_recorder.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\program files\windows multimedia platform\kw-necklace-lee.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\program files (x86)\mozilla maintenance service\surfaces.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\program files (x86)\windows portable devices\removableglobaldiverse.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\program files\windows nt\bravescuba.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\program files (x86)\windows sidebar\delivering product tank.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\program files\uninstall information\exhaustwires.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\program files\msbuild\payingbasin.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\program files (x86)\common files\emission.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\program files\windows multimedia platform\using sandy.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\program files\uninstall information\adjusted_eyes_shoot.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\program files (x86)\windows nt\pmc.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\windows\system32\dllhost.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn
Open	c:\windows\system32\cmd.exe	desired_access = PROCESS_ALL_ACCESS	1	Fn

Thread (11)

Operation	Process	Additional Information	Count	Logfile
Create	c:\windows\system32\sihost.exe	proc_address = 0x7ff7f2c61ad0, proc_parameter = 140702906712064, flags = THREAD_RUNS_IMMEDIATELY	1	Fn
Create	c:\windows\system32\svchost.exe	proc_address = 0x7ff7f2c61ad0, proc_parameter = 140702906712064, flags = THREAD_RUNS_IMMEDIATELY	1	Fn
Create	c:\windows\system32\taskhostw.exe	proc_address = 0x7ff7f2c61ad0, proc_parameter = 140702906712064, flags = THREAD_RUNS_IMMEDIATELY	1	Fn
Create	c:\windows\systemapps\shellexperiencehost_cw5n1h2txyewy\shellexperiencehost.exe	proc_address = 0x7ff7f2c61ad0, proc_parameter = 140702906712064, flags = THREAD_RUNS_IMMEDIATELY	1	Fn
Create	c:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe	proc_address = 0x7ff7f2c61ad0, proc_parameter = 140702906712064, flags = THREAD_RUNS_IMMEDIATELY	1	Fn
Create	c:\windows\system32\runtimebroker.exe	proc_address = 0x7ff7f2c61ad0, proc_parameter = 140702906712064, flags = THREAD_RUNS_IMMEDIATELY	1	Fn
Create	c:\windows\system32\taskhostw.exe	proc_address = 0x7ff7f2c61ad0, proc_parameter = 140702906712064, flags = THREAD_RUNS_IMMEDIATELY	1	Fn
Create	c:\program files\microsoft office\root\office16\msoia.exe	proc_address = 0x7ff7f2c61ad0, proc_parameter = 140702906712064, flags = THREAD_RUNS_IMMEDIATELY	1	Fn
Create	c:\program files\microsoft office\root\office16\msoia.exe	proc_address = 0x7ff7f2c61ad0, proc_parameter = 140702906712064, flags = THREAD_RUNS_IMMEDIATELY	1	Fn
Create	c:\windows\system32\apphostregistrationverifier.exe	proc_address = 0x7ff7f2c61ad0, proc_parameter = 140702906712064, flags = THREAD_RUNS_IMMEDIATELY	1	Fn
Create	c:\windows\system32\dllhost.exe	proc_address = 0x7ff7f2c61ad0, proc_parameter = 140702906712064, flags = THREAD_RUNS_IMMEDIATELY	1	Fn

Memory (41)

Operation	Process	Additional Information	Count	Logfile
Allocate	c:\windows\system32\sihost.exe	address = 140702906712064, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3727360	1	Fn
Allocate	c:\windows\system32\svchost.exe	address = 140702906712064, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3727360	1	Fn
Allocate	c:\windows\system32\taskhostw.exe	address = 140702906712064, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3727360	1	Fn
Allocate	c:\windows\systemapps\shellexperiencehost_cw5n1h2txyewy\shellexperiencehost.exe	address = 140702906712064, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3727360	1	Fn
Allocate	c:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe	address = 140702906712064, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3727360	1	Fn
Allocate	c:\windows\system32\runtimebroker.exe	address = 140702906712064, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3727360	1	Fn
Allocate	c:\windows\system32\taskhostw.exe	address = 140702906712064, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3727360	1	Fn
Allocate	c:\program files\microsoft office\root\office16\msoia.exe	address = 140702906712064, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3727360	1	Fn
Allocate	c:\program files\microsoft office\root\office16\msoia.exe	address = 140702906712064, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3727360	1	Fn
Allocate	c:\windows\system32\apphostregistrationverifier.exe	address = 140702906712064, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3727360	1	Fn
Allocate	c:\program files\microsoft office\screensaver.exe	address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3727360	1	Fn
Allocate	c:\program files (x86)\windows mail\edge_empty_suite.exe	address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3727360	1	Fn
Allocate	c:\program files (x86)\mozilla maintenance service\religion.exe	address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3727360	1	Fn
Allocate	c:\program files\microsoft office 15\spirit forces.exe	address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3727360	1	Fn
Allocate	c:\program files\windows portable devices\guests_production.exe	address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3727360	1	Fn
Allocate	c:\program files\rempl\archiveddeemedshirts.exe	address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3727360	1	Fn
Allocate	c:\program files\microsoft office 15\him.exe	address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3727360	1	Fn
Allocate	c:\program files\rempl\anymore_recorder.exe	address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3727360	1	Fn
Allocate	c:\program files\windows multimedia platform\kw-necklace-lee.exe	address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3727360	1	Fn
Allocate	c:\program files (x86)\mozilla maintenance service\surfaces.exe	address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3727360	1	Fn
Allocate	c:\program files (x86)\windows portable devices\removableglobaldiverse.exe	address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3727360	1	Fn
Allocate	c:\program files\windows nt\bravescuba.exe	address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3727360	1	Fn
Allocate	c:\program files (x86)\windows sidebar\delivering product tank.exe	address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3727360	1	Fn
Allocate	c:\program files\uninstall information\exhaustwires.exe	address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3727360	1	Fn
Allocate	c:\program files\msbuild\payingbasin.exe	address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3727360	1	Fn
Allocate	c:\program files (x86)\common files\emission.exe	address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3727360	1	Fn
Allocate	c:\program files\windows multimedia platform\using sandy.exe	address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3727360	1	Fn
Allocate	c:\program files\uninstall information\adjusted_eyes_shoot.exe	address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3727360	1	Fn
Allocate	c:\program files (x86)\windows nt\pmc.exe	address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3727360	1	Fn
Allocate	c:\windows\system32\dllhost.exe	address = 140702906712064, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3727360	1	Fn
Write	c:\windows\system32\sihost.exe	address = 0x7ff7f2c60000, size = 3727360	1	Fn
Write	c:\windows\system32\svchost.exe	address = 0x7ff7f2c60000, size = 3727360	1	Fn
Write	c:\windows\system32\taskhostw.exe	address = 0x7ff7f2c60000, size = 3727360	1	Fn
Write	c:\windows\systemapps\shellexperiencehost_cw5n1h2txyewy\shellexperiencehost.exe	address = 0x7ff7f2c60000, size = 3727360	1	Fn
Write	c:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe	address = 0x7ff7f2c60000, size = 3727360	1	Fn
Write	c:\windows\system32\runtimebroker.exe	address = 0x7ff7f2c60000, size = 3727360	1	Fn
Write	c:\windows\system32\taskhostw.exe	address = 0x7ff7f2c60000, size = 3727360	1	Fn
Write	c:\program files\microsoft office\root\office16\msoia.exe	address = 0x7ff7f2c60000, size = 3727360	1	Fn
Write	c:\program files\microsoft office\root\office16\msoia.exe	address = 0x7ff7f2c60000, size = 3727360	1	Fn
Write	c:\windows\system32\apphostregistrationverifier.exe	address = 0x7ff7f2c60000, size = 3727360	1	Fn
Write	c:\windows\system32\dllhost.exe	address = 0x7ff7f2c60000, size = 3727360	1	Fn

Module (58)

Operation	Module	Additional Information	Count	Logfile
Load	api-ms-win-core-synch-l1-2-0	base_address = 0x7ff92f150000	2	Fn
Load	api-ms-win-core-fibers-l1-1-1	base_address = 0x7ff92f150000	2	Fn
Load	advapi32	base_address = 0x7ff931520000	1	Fn
Load	api-ms-win-core-localization-l1-2-1	base_address = 0x7ff92f150000	1	Fn
Load	kernel32.dll	base_address = 0x7ff92fdd0000	1	Fn
Load	api-ms-win-appmodel-runtime-l1-1-1	base_address = 0x7ff92e3f0000	1	Fn
Get Handle	c:\users\fd1hvy\desktop\dfylx.exe	base_address = 0x7ff7f2c60000	32	Fn
Get Handle	mscoree.dll	-	1	Fn
Get Filename	-	process_name = c:\users\fd1hvy\desktop\dfylx.exe, file_name_orig = C:\Users\FD1HVy\Desktop\DfyLx.exe, size = 260	3	Fn
Get Filename	-	process_name = c:\users\fd1hvy\desktop\dfylx.exe, file_name_orig = C:\Users\FD1HVy\Desktop\DfyLx.exe, size = 320	1	Fn
Get Filename	-	process_name = c:\users\fd1hvy\desktop\dfylx.exe, file_name_orig = C:\Users\FD1HVy\Desktop\DfyLx.exe, size = 100	1	Fn
Get Address	c:\windows\system32\kernelbase.dll	function = InitializeCriticalSectionEx, address_out = 0x7ff92f1ad580	2	Fn
Get Address	c:\windows\system32\kernelbase.dll	function = FlsAlloc, address_out = 0x7ff92f1bd3e0	2	Fn
Get Address	c:\windows\system32\kernelbase.dll	function = FlsSetValue, address_out = 0x7ff92f198c10	2	Fn
Get Address	c:\windows\system32\advapi32.dll	function = EventRegister, address_out = 0x7ff931f8ad30	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = EventSetInformation, address_out = 0x7ff931f8aa10	1	Fn
Get Address	c:\windows\system32\kernelbase.dll	function = FlsGetValue, address_out = 0x7ff92f192340	1	Fn
Get Address	c:\windows\system32\kernelbase.dll	function = LCMapStringEx, address_out = 0x7ff92f17c800	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = IsWow64Process, address_out = 0x7ff92fdec1b0	1	Fn
Get Address	c:\windows\system32\kernel.appcore.dll	function = GetCurrentPackageId, address_out = 0x7ff92e3f2b30	1	Fn

User (1)

Operation	Additional Information	Success	Count	Logfile
Lookup Privilege	privilege = SeDebugPrivilege, luid = 20		1	Fn

System (36)

Operation	Additional Information	Count	Logfile
Sleep	duration = 5000 milliseconds (5.000 seconds)	2	Fn
Sleep	duration = 300 milliseconds (0.300 seconds)	31	Fn
Get Info	type = Operating System	1	Fn
Get Info	type = Windows Directory, result_out = C:\WINDOWS	2	Fn

Environment (1)

Operation	Additional Information	Success	Count	Logfile
Get Environment String	-		1	Fn Data

Process #3: cmd.exe

Information	Value
ID	#3
File Name	c:\windows\system32\cmd.exe
Command Line	"C:\WINDOWS\System32\cmd.exe" /C REG ADD "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "svchos" /t REG_SZ /d "C:\Users\FD1HVy\Desktop\DfyLx.exe" /f
Initial Working Directory	C:\Users\FD1HVy\Desktop\
Monitor	Start Time: 00:00:37, Reason: Child Process
Unmonitor	End Time: 00:00:41, Reason: Self Terminated
Monitor Duration	00:00:03

OS Process Information

Information	Value
PID	0x1b4
Parent PID	0x6c8 (c:\users\fd1hvy\desktop\dfylx.exe)
Bitness	64-bit
Is Created or Modified Executable
Integrity Level	High (Elevated)
Username	NQDPDE\FD1HVy
Enabled Privileges	SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs	0x 26C 0x D84

Host Behavior

File (16)

Operation	Filename	Additional Information	Count	Logfile
Get Info	C:\Users\FD1HVy\Desktop	type = file_attributes	2	Fn
Open	STD_OUTPUT_HANDLE	-	8	Fn
Open	STD_INPUT_HANDLE	-	6	Fn

Registry (17)

Operation	Key	Additional Information	Count	Logfile
Open Key	HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System	-	1	Fn
Open Key	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	-	1	Fn
Open Key	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	-	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = DisableUNCCheck, data = 4, type = REG_NONE	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = DelayedExpansion, data = 1, type = REG_NONE	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = AutoRun, data = 64, type = REG_NONE	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = DisableUNCCheck, data = 64, type = REG_NONE	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = DelayedExpansion, data = 1, type = REG_NONE	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = AutoRun, data = 9, type = REG_NONE	1	Fn

Process (1)

Operation	Process	Additional Information	Success	Count	Logfile
Create	C:\WINDOWS\system32\reg.exe	os_pid = 0x174, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL		1	Fn

Module (8)

Operation	Module	Additional Information	Count	Logfile
Get Handle	c:\windows\system32\cmd.exe	base_address = 0x7ff66fc00000	1	Fn
Get Handle	c:\windows\system32\kernel32.dll	base_address = 0x7ff92fdd0000	2	Fn
Get Filename	-	process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\WINDOWS\System32\cmd.exe, size = 32743	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = SetThreadUILanguage, address_out = 0x7ff92fdea990	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = CopyFileExW, address_out = 0x7ff92fdee830	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = IsDebuggerPresent, address_out = 0x7ff92fdee300	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = SetConsoleInputExeNameW, address_out = 0x7ff92f1b0a40	1	Fn

Environment (19)

Operation	Additional Information	Count	Logfile
Get Environment String	-	7	Fn Data
Get Environment String	name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps	2	Fn
Get Environment String	name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC	2	Fn
Get Environment String	name = PROMPT	1	Fn
Get Environment String	name = COMSPEC, result_out = C:\WINDOWS\system32\cmd.exe	1	Fn
Get Environment String	name = KEYS	1	Fn
Set Environment String	name = PROMPT, value = $P$G	1	Fn
Set Environment String	name = =C:, value = C:\Users\FD1HVy\Desktop	1	Fn
Set Environment String	name = COPYCMD	1	Fn
Set Environment String	name = =ExitCode, value = 00000000	1	Fn
Set Environment String	name = =ExitCodeAscii	1	Fn

Process #5: sihost.exe

15800

Information	Value
ID	#5
File Name	c:\windows\system32\sihost.exe
Command Line	sihost.exe
Initial Working Directory	C:\WINDOWS\system32\
Monitor	Start Time: 00:00:38, Reason: Injection
Unmonitor	End Time: 00:04:24, Reason: Terminated by Timeout
Monitor Duration	00:03:46

OS Process Information

Information	Value
PID	0x6fc
Parent PID	0x3c0 (c:\windows\system32\svchost.exe)
Bitness	64-bit
Is Created or Modified Executable
Integrity Level	Medium
Username	NQDPDE\FD1HVy
Enabled Privileges	SeChangeNotifyPrivilege
Thread IDs	0x AF8 0x AF4 0x 8D8 0x 8A8 0x 8A4 0x 810 0x 4CC 0x 750 0x 73C 0x 728 0x 724 0x 710 0x 70C 0x 708 0x 700 0x F34 0x F30 0x B84 0x FA0 0x C34 0x A60 0x B98 0x D10 0x AC8 0x 90C 0x D5C 0x F54 0x 788 0x 15C 0x E60 0x EDC 0x EEC 0x 4A8 0x 4F0 0x 36C 0x 4E4 0x 37C 0x 9E4 0x 7BC 0x CEC 0x 658 0x 7B4 0x CDC 0x D40 0x D24 0x D60 0x 7A8 0x 4AC 0x DCC 0x E5C 0x F78 0x FA8 0x F8C 0x 210 0x 39C 0x 344 0x EE8 0x D94 0x 174 0x 7A4 0x 26C 0x D84 0x D54 0x ED4 0x 1B4 0x E88 0x 714 0x 910 0x D78 0x EAC 0x 3A8 0x EB4 0x F04 0x ECC 0x EC8 0x DFC 0x 470 0x C58 0x E90 0x C6C 0x 42C 0x CE8 0x A80 0x A7C 0x A78 0x 8F0 0x C48 0x 48C 0x EB8 0x CA0 0x FB0 0x A34 0x FAC 0x A90 0x 83C 0x CFC 0x 754 0x EB0 0x BEC 0x D14 0x 824 0x D20 0x D28 0x 8E8 0x 1004 0x 1008 0x 100C 0x 1010 0x 1014 0x 1018 0x 101C 0x 1020 0x 1024 0x 1028 0x 102C 0x 1034 0x 1038 0x 103C 0x 1040 0x 1044 0x 1048 0x 104C 0x 1050 0x 1054 0x 1058 0x 105C 0x 1060 0x 1064 0x 1068 0x 106C 0x 1070 0x 1078 0x 107C 0x 1080 0x 1084 0x 1088 0x 1098 0x 109C 0x 10A0 0x 10A4 0x 10A8 0x 10AC 0x 10B0 0x 10B4 0x 10B8 0x 10BC 0x 10C0 0x 10C4 0x 10C8 0x 10CC 0x 10D0 0x 10D4 0x 10D8 0x 10DC 0x 10E0 0x 10E4 0x 10E8 0x 10EC 0x 10F0 0x 10F4 0x 10F8 0x 1100 0x 1104 0x 1108 0x 110C 0x 1110 0x 1114 0x 1118 0x 111C 0x 1120 0x 1124 0x 1128 0x 112C 0x 1130 0x 1134 0x 1138 0x 113C 0x 1140 0x 1144 0x 1148 0x 114C 0x 1150 0x 1154 0x 1158 0x 115C 0x 1160 0x 1164 0x 1168 0x 116C 0x 1170 0x 1174 0x 1178 0x 117C 0x 1180 0x 1184 0x 1188 0x 118C 0x 1190 0x 1194 0x 1198 0x 119C 0x 11A0 0x 11A4 0x 11A8 0x 11AC 0x 11B0 0x 11B4 0x 11B8 0x 11C0 0x 11C4 0x 11C8 0x 11CC 0x 11D0 0x 11D4 0x 11D8 0x 11DC 0x 11E0 0x 11E4 0x 11E8 0x 11EC 0x 11F0 0x 11F4 0x 11F8 0x 11FC 0x 1200 0x 1204 0x 1208 0x 120C 0x 1210 0x 1214 0x 1218 0x 121C 0x 1220 0x 1224 0x 122C 0x 1230 0x 1234 0x 1238 0x 123C 0x 1240 0x 1244 0x 1248 0x 124C 0x 1250 0x 1254 0x 1258 0x 125C 0x 1260 0x 1264 0x 1268 0x 126C 0x 1270 0x 1274 0x 1278 0x 127C 0x 1284 0x 1288 0x 128C 0x 1290 0x 1294 0x 1298 0x 129C 0x 12A0 0x 12A4 0x 12A8 0x 12AC 0x 12B0 0x 12B4 0x 12B8 0x 12BC 0x 12C4 0x 12C8 0x 12CC 0x 12D0 0x 12D4 0x 12D8 0x 12DC 0x 12E0 0x 12E4 0x 12E8 0x 12EC 0x 12F4 0x 12F8 0x 12FC 0x 1300 0x 1304 0x 1308 0x 130C 0x 1310 0x 1314 0x 1318 0x 131C 0x 1320 0x 1324 0x 1328 0x 132C 0x 1330 0x 1334 0x 1338 0x 133C 0x 1340 0x 1344 0x 1348 0x 134C 0x 1350 0x 1354 0x 1358 0x 135C 0x 1360 0x 1364 0x 1368 0x 136C 0x 1370 0x 1374 0x 1378 0x 137C 0x 1380 0x 1384 0x 1388 0x 138C 0x 1390 0x 1394 0x 1398 0x 139C 0x 13A0 0x 13A4 0x 13A8 0x 13AC 0x 13B0 0x 13B4 0x 13B8 0x 13BC 0x 13C0 0x 13C4 0x 13C8 0x 13CC 0x 13D0 0x 13D4 0x 13D8 0x 13DC 0x 13E0 0x 13E4 0x 13E8 0x 13EC 0x 13F0 0x 13F4 0x 13F8 0x 13FC 0x 9E8 0x 9FC 0x D9C 0x FCC 0x F74 0x FC8 0x 1404 0x 1408 0x 140C 0x 1410 0x 1414 0x 1418 0x 141C 0x 1420 0x 1424 0x 1428 0x 142C 0x 1430 0x 1434 0x 1438 0x 143C 0x 1440 0x 1444 0x 1448 0x 144C 0x 1450 0x 1454 0x 1458 0x 145C 0x 1460 0x 1464 0x 1468 0x 146C 0x 1470 0x 1474 0x 1478 0x 147C 0x 1480 0x 1484 0x 1488 0x 148C 0x 1490 0x 1494 0x 1498 0x 14A0 0x 14A4 0x 14A8 0x 14AC 0x 14B0 0x 14B4 0x 14B8 0x 14BC 0x 14C0 0x 14C4 0x 14C8 0x 14CC 0x 14D0 0x 14D4 0x 14D8 0x 14DC 0x 14E0 0x 14E4 0x 14E8 0x 14EC 0x 14F0 0x 14F4 0x 14F8 0x 14FC 0x 1500 0x 1504 0x 1508 0x 150C 0x 1510 0x 1514 0x 1518 0x 151C 0x 1520 0x 1524 0x 1528 0x 152C 0x 1530 0x 1534 0x 1538 0x 153C 0x 1540 0x 1554 0x 1558 0x 155C 0x 1560 0x 1564 0x 1568 0x 156C 0x 1570 0x 1574 0x 1578 0x 157C 0x 1580 0x 1584 0x 1588 0x 158C 0x 1590 0x 1594 0x 1598 0x 159C 0x 15A0 0x 15A4 0x 15A8 0x 15AC 0x 15B0 0x 15B4 0x 15B8 0x 15BC 0x 15C0 0x 15C4 0x 15C8 0x 15CC 0x 15D0 0x 15D4 0x 15DC 0x 15E0 0x 15E4 0x 15E8 0x 15EC 0x 15F0 0x 15F4 0x 15F8 0x 15FC 0x 1600 0x 1604 0x 1608 0x 160C 0x 1610 0x 1614 0x 1618 0x 161C 0x 1620 0x 1624 0x 1628 0x 162C 0x 1630 0x 1634 0x 1638 0x 163C 0x 1640 0x 1644 0x 1648 0x 164C 0x 1650 0x 1654 0x 1658 0x 165C 0x 1660 0x 1664 0x 1668 0x 166C 0x 1670 0x 1674 0x 1678 0x 167C 0x 1680 0x 1684 0x 1688 0x 168C 0x 1690 0x 1694 0x 1698 0x 169C 0x 16A0 0x 16A4 0x 16A8 0x 16AC 0x 16B0 0x 16B4 0x 16B8 0x 16BC 0x 16C0 0x 16C4 0x 16CC 0x 16D0 0x 16D4 0x 16D8 0x 16DC 0x 16E0 0x 16E4 0x 16E8 0x 16EC 0x 16F0 0x 16F4 0x 16F8 0x 16FC 0x 1700 0x 1704 0x 1708 0x 170C 0x 1710 0x 1714 0x 1718 0x 171C 0x 1720 0x 1724 0x 1728 0x 172C 0x 1730 0x 1734 0x 1738 0x 173C 0x 1740 0x 1744 0x 1748 0x 174C 0x 1750 0x 1754 0x 1758 0x 175C 0x 1760 0x 1764 0x 1768 0x 176C 0x 1770 0x 1774 0x 1778 0x 177C 0x 1780 0x 1784 0x 1788 0x 178C 0x 1790 0x 1794 0x 1798 0x 179C 0x 17A0 0x 17A4 0x 17A8 0x 17AC 0x 17B0 0x 17B4 0x 17B8 0x 17BC 0x 17C0 0x 17C4 0x 17C8 0x 17CC 0x 17D0 0x 17D4 0x 17D8 0x 17DC 0x 17E0 0x 17E4 0x 17E8 0x 17EC 0x 17F0 0x 17F4 0x 17F8 0x 17FC 0x E38 0x 1094 0x 1804 0x 1808 0x 180C 0x 1810 0x 1814 0x 1818 0x 181C 0x 1820 0x 1824 0x 1828 0x 182C 0x 1830 0x 1834 0x 1838 0x 183C 0x 1840 0x 1844 0x 1848 0x 184C 0x 1850 0x 1854 0x 1858 0x 185C 0x 1860 0x 1864 0x 1868 0x 186C 0x 1870 0x 1874 0x 1878 0x 187C 0x 1880 0x 1884 0x 1888 0x 188C 0x 1890 0x 1894 0x 1898 0x 189C 0x 18A0 0x 18A4 0x 18A8 0x 18AC 0x 18B0 0x 18B4 0x 18B8 0x 18BC 0x 18C0 0x 18C4 0x 18C8 0x 18CC 0x 18D0 0x 18D4 0x 18D8 0x 18DC 0x 18E0 0x 18E4 0x 18E8 0x 18EC 0x 18F0 0x 18F4 0x 18F8 0x 18FC 0x 1900 0x 1904 0x 1908 0x 190C 0x 1910 0x 1914 0x 1918 0x 191C 0x 1920 0x 1924 0x 1928 0x 192C 0x 1930 0x 1934 0x 1938 0x 193C 0x 1940 0x 1944 0x 1948 0x 194C 0x 1950 0x 1954 0x 1958 0x 195C 0x 1960 0x 1964 0x 1968 0x 196C 0x 1970 0x 1974 0x 1978 0x 197C 0x 1980 0x 1984 0x 1988 0x 198C 0x 1990 0x 1994 0x 1998 0x 199C 0x 19A0 0x 19A4 0x 19A8 0x 19AC 0x 19B0 0x 19B4 0x 19B8 0x 19BC 0x 19C0 0x 19C4 0x 19C8 0x 19CC 0x 19D0 0x 19D4 0x 19D8 0x 19DC 0x 19E0 0x 19E4 0x 19E8 0x 19EC 0x 19F0 0x 19F4 0x 19F8 0x 19FC 0x 1A00 0x 1A04 0x 1A08 0x 1A0C 0x 1A10 0x 1A14 0x 1A18 0x 1A1C 0x 1A20 0x 1A24 0x 1A28 0x 1A2C 0x 1A30 0x 1A34 0x 1A38 0x 1A3C 0x 1A40 0x 1A44 0x 1A48 0x 1A4C 0x 1A50 0x 1A54 0x 1A58 0x 1A5C 0x 1A60 0x 1A64 0x 1A68 0x 1A6C 0x 1A70 0x 1A74 0x 1A78 0x 1A7C 0x 1A80 0x 1A84 0x 1A88 0x 1A8C 0x 1A90 0x 1A94 0x 1A98 0x 1A9C 0x 1AA0 0x 1AA4 0x 1AA8 0x 1AAC 0x 1AB0 0x 1AB4 0x 1AB8 0x 1ABC 0x 1AC0 0x 1AC4 0x 1AC8 0x 1ACC 0x 1AD0 0x 1AD4 0x 1AD8 0x 1ADC 0x 1AE0 0x 1AE4 0x 1AE8 0x 1AEC 0x 1AF0 0x 1AF4 0x 1AF8 0x 1AFC 0x 1B00 0x 1B04 0x 1B08 0x 1B0C 0x 1B10 0x 1B14 0x 1B18 0x 1B1C 0x 1B20 0x 1B24 0x 1B28 0x 1B2C 0x 1B30 0x 1B34 0x 1B38 0x 1B3C 0x 1B40 0x 1B44 0x 1B48 0x 1B4C 0x 1B50 0x 1B54 0x 1B58 0x 1B5C 0x 1B60 0x 1B64 0x 1B68 0x 1B6C 0x 1B70 0x 1B74 0x 1B78 0x 1B7C 0x 1B80 0x 1B84 0x 1B88 0x 1B8C 0x 1B90 0x 1B94 0x 1B98 0x 1B9C 0x 1BA0 0x 1BA4 0x 1BA8 0x 1BAC 0x 1BB0 0x 1BB4 0x 1BB8 0x 1BBC 0x 1BC0 0x 1BC4 0x 1BC8 0x 1BCC 0x 1BD0 0x 1BD4 0x 1BD8 0x 1BDC 0x 1BE0 0x 1BE4 0x 1BE8 0x 1BEC 0x 1BF0 0x 1BF4 0x 1BF8 0x 1BFC 0x 8AC 0x 1C04 0x 1C08 0x 1C0C 0x 1C10 0x 1C14 0x 1C18 0x 1C1C 0x 1C20 0x 1C24 0x 1C28 0x 1C2C 0x 1C30 0x 1C34 0x 1C38 0x 1C3C 0x 1C40 0x 1C44 0x 1C48 0x 1C4C 0x 1C50 0x 1C54 0x 1C58 0x 1C5C 0x 1C60 0x 1C64 0x 1C68 0x 1C6C 0x 1C70 0x 1C74 0x 1C78 0x 1C7C 0x 1C80 0x 1C84 0x 1C88 0x 1C8C 0x 1C90 0x 1C94 0x 1C98 0x 1C9C 0x 1CA0 0x 1CA4 0x 1CA8 0x 1CAC 0x 1CB0 0x 1CB4 0x 1CB8 0x 1CBC 0x 1CC0 0x 1CC4 0x 1CC8 0x 1CCC 0x 1CD0 0x 1CD4 0x 1CD8 0x 1CDC 0x 1CE0 0x 1CE4 0x 1CE8 0x 1CEC 0x 1CF0 0x 1CF4 0x 1CF8 0x 1CFC 0x 1D00 0x 1D04 0x 1D08 0x 1D0C 0x 1D10 0x 1D14 0x 1D18 0x 1D1C 0x 1D20 0x 1D24 0x 1D28 0x 1D2C 0x 1D30 0x 1D34 0x 1D38 0x 1D3C 0x 1D40 0x 1D44 0x 1D48 0x 1D4C 0x 1D50 0x 1D54 0x 1D58 0x 1D5C 0x 1D60 0x 1D64 0x 1D68 0x 1D6C 0x 1D70 0x 1D74 0x 1D78 0x 1D7C 0x 1D80 0x 1D84 0x 1D88 0x 1D8C 0x 1D90 0x 1D94 0x 1D98 0x 1D9C 0x 1DA0 0x 1DA4 0x 1DA8 0x 1DAC 0x 1DB0 0x 1DB4 0x 1DB8 0x 1DBC 0x 1DC0 0x 1DC4 0x 1DC8 0x 1DCC 0x 1DD0 0x 1DD4 0x 1DD8 0x 1DDC 0x 1DE0 0x 1DE4 0x 1DE8 0x 1DEC 0x 1DF0 0x 1DF4 0x 1DF8 0x 1DFC 0x 1E00 0x 1E04 0x 1E08 0x 1E0C 0x 1E10 0x 1E14 0x 1E18 0x 1E1C 0x 1E20 0x 1E24 0x 1E28 0x 1E2C 0x 1E30 0x 1E34 0x 1E38 0x 1E3C 0x 1E40 0x 1E44 0x 1E48 0x 1E4C 0x 1E50 0x 1E54 0x 1E58 0x 1E5C 0x 1E60 0x 1E64 0x 1E68 0x 1E6C 0x 1E70 0x 1E74 0x 1E78 0x 1E7C 0x 1E80 0x 1E84 0x 1E88 0x 1E8C 0x 1E90 0x 1E94 0x 1E98 0x 1E9C 0x 1EA0 0x 1EA4 0x 1EA8 0x 1EAC 0x 1EB0 0x 1EB4 0x 1EB8 0x 1EBC 0x 1EC0 0x 1EC4 0x 1EC8 0x 1ECC 0x 1ED0 0x 1ED4 0x 1ED8 0x 1EDC 0x 1EE0 0x 1EE4 0x 1EE8 0x 1EEC 0x 1EF0 0x 1EF4 0x 1EF8 0x 1EFC 0x 1F00 0x 1F04 0x 1F08 0x 1F0C 0x 1F10 0x 1F14 0x 1F18 0x 1F1C 0x 1F20 0x 1F24 0x 1F28 0x 1F2C 0x 1F30 0x 1F34 0x 1F38 0x 1F3C 0x 1F40 0x 1F44 0x 1F48 0x 1F4C 0x 1F50 0x 1F54 0x 1F58 0x 1F5C 0x 1F60 0x 1F64 0x 1F68 0x 1F6C 0x 1F70 0x 1F74 0x 1F78 0x 1F7C 0x 1F80 0x 1F84 0x 1F88 0x 1F8C 0x 1F90 0x 1F94 0x 1F98 0x 1F9C 0x 1FA0 0x 1FA4 0x 1FA8 0x 1FAC 0x 1FB0 0x 1FB4 0x 1FB8 0x 1FBC 0x 1FC0 0x 1FC4 0x 1FC8 0x 1FCC 0x 1FD0 0x 1FD4 0x 1FD8 0x 1FDC 0x 1FE0 0x 1FE4 0x 1FE8 0x 1FEC 0x 1FF0 0x 1FF4 0x 1FF8 0x 1FFC 0x 2004 0x 2008 0x 200C 0x 2010 0x 2014 0x 2018 0x 201C 0x 2020 0x 2024 0x 2028 0x 202C 0x 2030 0x 2034 0x 2038 0x 203C 0x 2040 0x 2044 0x 2048 0x 204C 0x 2050 0x 2054 0x 2058 0x 205C 0x 2060 0x 2064 0x 2068 0x 206C 0x 2070 0x 2074 0x 2078 0x 207C 0x 2080 0x 2084 0x 2088 0x 208C 0x 2090 0x 2094 0x 2098 0x 209C 0x 20A0 0x 20A4 0x 20A8 0x 20AC 0x 20B0 0x 20B4 0x 20B8 0x 20BC 0x 20C0 0x 20C4 0x 20C8 0x 20CC 0x 20D0 0x 20D4 0x 20D8 0x 20DC 0x 20E0 0x 20E4 0x 20E8 0x 20EC 0x 20F0 0x 20F4 0x 20F8 0x 20FC 0x 2100 0x 2104 0x 2108 0x 210C 0x 2110 0x 2114 0x 2118 0x 211C 0x 2120 0x 2124 0x 2128 0x 212C 0x 2130 0x 2134 0x 2138 0x 213C 0x 2140 0x 2144 0x 2148 0x 214C 0x 2150 0x 2154 0x 2158 0x 215C 0x 2160 0x 2164 0x 2168 0x 216C 0x 2170 0x 2174 0x 2178 0x 217C 0x 2180 0x 2184 0x 2188 0x 218C 0x 2190 0x 2194 0x 2198 0x 219C 0x 21A0 0x 21A4 0x 21A8 0x 21AC 0x 21B0 0x 21B4 0x 21B8 0x 21BC 0x 21C0 0x 21C4 0x 21C8 0x 21CC 0x 21D0 0x 21D4 0x 21D8 0x 21DC 0x 21E0 0x 21E4 0x 21E8 0x 21EC 0x 21F0 0x 21F4 0x 21F8 0x 21FC 0x 2200 0x 2204 0x 2208 0x 220C 0x 2210 0x 2214 0x 2218 0x 221C 0x 2220 0x 2224 0x 2228 0x 222C 0x 2230 0x 2234 0x 2238 0x 223C 0x 2240 0x 2244 0x 2248 0x 224C 0x 2250 0x 2254 0x 2258 0x 225C 0x 2260 0x 2264 0x 2268 0x 226C 0x 2270 0x 2274 0x 2278 0x 227C 0x 2280 0x 2284 0x 2288 0x 228C 0x 2290 0x 2294 0x 2298 0x 229C 0x 22A0 0x 22A4 0x 22A8 0x 22AC 0x 22B0 0x 22B4 0x 22B8 0x 22BC 0x 22C0 0x 22C4 0x 22C8 0x 22CC 0x 22D0 0x 22D4 0x 22D8 0x 22DC 0x 22E0 0x 22E4 0x 22E8 0x 22EC 0x 22F0 0x 22F4 0x 22F8 0x 22FC 0x 2300 0x 2304 0x 2308 0x 230C 0x 2310 0x 2314 0x 2318 0x 231C 0x 2320 0x 2324 0x 2328 0x 232C 0x 2330 0x 2334 0x 2338 0x 233C 0x 2340 0x 2344 0x 2348 0x 234C 0x 2350 0x 2354 0x 2358 0x 235C 0x 2360 0x 2364 0x 2368 0x 236C 0x 2370 0x 2374 0x 2378 0x 237C 0x 2380 0x 2384 0x 2388 0x 238C 0x 2390 0x 2394 0x 2398 0x 239C 0x 23A0 0x 23A4 0x 23A8 0x 23AC 0x 23B0 0x 23B4 0x 23B8 0x 23BC 0x 23C0 0x 23C4 0x 23C8 0x 23CC 0x 23D0 0x 23D4 0x 23D8 0x 23DC 0x 23E0 0x 23E4 0x 23E8 0x 23EC 0x 23F0 0x 23F4 0x 23F8 0x 23FC 0x 2404 0x 2408 0x 240C 0x 2410 0x 2414 0x 2418 0x 241C 0x 2420 0x 2424 0x 2428 0x 242C 0x 2430 0x 2434 0x 2438 0x 243C 0x 2440 0x 2444 0x 2448 0x 244C 0x 2450 0x 2454 0x 2458 0x 245C 0x 2460 0x 2464 0x 2468 0x 246C 0x 2470 0x 2474 0x 2478 0x 247C 0x 2480 0x 2484 0x 2488 0x 248C 0x 2490 0x 2494 0x 2498 0x 249C 0x 24A0 0x 24A4 0x 24A8 0x 24AC 0x 24B0 0x 24B4 0x 24B8 0x 24BC 0x 24C0 0x 24C4 0x 24C8 0x 24CC 0x 24D0 0x 24D4 0x 24D8 0x 24DC 0x 24E0 0x 24E4 0x 24E8 0x 24EC 0x 24F0 0x 24F4 0x 24F8 0x 24FC 0x 2500 0x 2504 0x 2508 0x 250C 0x 2510 0x 2514 0x 2518 0x 251C 0x 2520 0x 2524 0x 2528 0x 252C 0x 2530 0x 2534 0x 2538 0x 253C 0x 2540 0x 2544 0x 2548 0x 254C 0x 2550 0x 2554 0x 2558 0x 255C 0x 2560 0x 2564 0x 2568 0x 256C 0x 2570 0x 2574 0x 2578 0x 257C 0x 2580 0x 2584 0x 2588 0x 258C 0x 2590 0x 2594 0x 2598 0x 259C 0x 25A0 0x 25A4 0x 25A8 0x 25AC 0x 25B0 0x 25B4 0x 25B8 0x 25BC 0x 25C0 0x 25C4 0x 25C8 0x 25CC 0x 25D0 0x 25D4 0x 25D8 0x 25DC 0x 25E0 0x 25E4 0x 25E8 0x 25EC 0x 25F0 0x 25F4 0x 25F8 0x 25FC 0x 2600 0x 2604 0x 2608 0x 260C 0x 2610 0x 2614 0x 2618 0x 261C 0x 2620 0x 2624 0x 2628 0x 262C 0x 2630 0x 2634 0x 2638 0x 263C 0x 2640 0x 2644 0x 2648 0x 264C 0x 2650 0x 2654 0x 2658 0x 265C 0x 2660 0x 2664 0x 2668 0x 266C 0x 2670 0x 2674 0x 2678 0x 267C 0x 2680 0x 2684 0x 2688 0x 268C 0x 2690 0x 2694 0x 2698 0x 269C 0x 26A0 0x 26A4 0x 26A8 0x 26AC 0x 26B0 0x 26B4 0x 26B8 0x 26BC 0x 26C0 0x 26C4 0x 26C8 0x 26CC 0x 26D0 0x 26D4 0x 26D8 0x 26DC 0x 26E0 0x 26E4 0x 26E8 0x 26EC 0x 26F0 0x 26F4 0x 26F8 0x 26FC 0x 2700 0x 2704 0x 2708 0x 270C 0x 2710 0x 2714 0x 2718 0x 271C 0x 2720 0x 2724 0x 2728 0x 272C 0x 2730 0x 2734 0x 2738 0x 273C 0x 2740 0x 2744 0x 2748 0x 274C 0x 2750 0x 2754 0x 2758 0x 275C 0x 2760 0x 2764 0x 2768 0x 276C 0x 2770 0x 2774 0x 2778 0x 277C 0x 2780 0x 2784 0x 2788 0x 278C 0x 2790 0x 2794 0x 2798 0x 279C 0x 27A0 0x 27A4 0x 27A8 0x 27AC 0x 27B0 0x 27B4 0x 27B8 0x 27BC 0x 27C0 0x 27C4 0x 27C8 0x 27CC 0x 27D0 0x 27D4 0x 27D8 0x 27DC 0x 27E0 0x 27E4 0x 27E8 0x 27EC 0x 27F0 0x 27F4 0x 27F8 0x 27FC 0x 2804 0x 2808 0x 280C 0x 2810 0x 2814 0x 2818 0x 281C 0x 2820 0x 2824 0x 2828 0x 282C 0x 2830 0x 2834 0x 2838 0x 283C 0x 2840 0x 2844 0x 2848 0x 284C 0x 2850 0x 2854 0x 2858 0x 285C 0x 2860 0x 2864 0x 2868 0x 286C 0x 2870 0x 2874 0x 2878 0x 287C 0x 2880 0x 2884 0x 2888 0x 288C 0x 2890 0x 2894 0x 2898 0x 289C 0x 28A0 0x 28A4 0x 28A8 0x 28AC 0x 28B0 0x 28B4 0x 28B8 0x 28BC 0x 28C0 0x 28C4 0x 28C8 0x 28CC 0x 28D0 0x 28D4 0x 28D8 0x 28DC 0x 28E0 0x 28E4 0x 28E8 0x 28EC 0x 28F0 0x 28F4 0x 28F8 0x 28FC 0x 2900 0x 2904 0x 2908 0x 290C 0x 2910 0x 2914 0x 2918 0x 291C 0x 2920 0x 2924 0x 2928 0x 292C 0x 2930 0x 2934 0x 2938 0x 293C 0x 2940 0x 2944 0x 2948 0x 294C 0x 2950 0x 2954 0x 2958 0x 295C 0x 2960 0x 2964 0x 2968 0x 296C 0x 2970 0x 2974 0x 2978 0x 297C 0x 2980 0x 2984 0x 2988 0x 298C 0x 2990 0x 2994 0x 2998 0x 299C 0x 29A0 0x 29A4 0x 29A8 0x 29AC 0x 29B0 0x 29B4 0x 29B8 0x 29BC 0x 29C0 0x 29C4 0x 29C8 0x 29CC 0x 29D0 0x 29D4 0x 29D8 0x 29DC 0x 29E0 0x 29E4 0x 29E8 0x 29EC 0x 29F0 0x 29F4 0x 29F8 0x 29FC 0x 2A00 0x 2A04 0x 2A08 0x 2A0C 0x 2A10 0x 2A14 0x 2A18 0x 2A1C 0x 2A20 0x 2A24 0x 2A28 0x 2A2C 0x 2A30 0x 2A34 0x 2A38 0x 2A3C 0x 2A40 0x 2A44 0x 2A48 0x 2A4C 0x 2A50 0x 2A54 0x 2A58 0x 2A5C 0x 2A60 0x 2A64 0x 2A68 0x 2A6C 0x 2A70 0x 2A74 0x 2A78 0x 2A7C 0x 2A80 0x 2A84 0x 2A88 0x 2A8C 0x 2A90 0x 2A94 0x 2A98 0x 2A9C 0x 2AA0 0x 2AA4 0x 2AA8 0x 2AAC 0x 2AB0 0x 2AB4 0x 2AB8 0x 2ABC 0x 2AC0 0x 2AC4 0x 2AC8 0x 2ACC 0x 2AD0 0x 2AD4 0x 2AD8 0x 2ADC 0x 2AE0 0x 2AE4 0x 2AE8 0x 2AEC 0x 2AF0 0x 2AF4 0x 2AF8 0x 2AFC 0x 2B00 0x 2B04 0x 2B08 0x 2B0C 0x 2B10 0x 2B14 0x 2B18 0x 2B1C 0x 2B20 0x 2B24 0x 2B28 0x 2B2C 0x 2B30 0x 2B34 0x 2B38 0x 2B3C 0x 2B40 0x 2B44 0x 2B48 0x 2B4C 0x 2B50 0x 2B54 0x 2B58 0x 2B5C 0x 2B60 0x 2B64 0x 2B68 0x 2B6C 0x 2B70 0x 2B74 0x 2B78 0x 2B7C 0x 2B80 0x 2B84 0x 2B88 0x 2B8C 0x 2B90 0x 2B94 0x 2B98 0x 2B9C 0x 2BA0 0x 2BA4 0x 2BA8 0x 2BAC 0x 2BB0 0x 2BB4 0x 2BB8 0x 2BBC 0x 2BC0 0x 2BC4 0x 2BC8 0x 2BCC 0x 2BD0 0x 2BD4 0x 2BD8 0x 2BDC 0x 2BE0 0x 2BE4 0x 2BE8 0x 2BEC 0x 2BF0 0x 2BF4 0x 2BF8 0x 2BFC 0x B10 0x 2C04 0x 2C08 0x 2C0C 0x 2C10 0x 2C14 0x 2C18 0x 2C1C 0x 2C20 0x 2C24 0x 2C28 0x 2C2C 0x 2C30 0x 2C34 0x 2C38 0x 2C3C 0x 2C40 0x 2C44 0x 2C48 0x 2C4C 0x 2C50 0x 2C54 0x 2C58 0x 2C5C 0x 2C60 0x 2C64 0x 2C68 0x 2C6C 0x 2C70 0x 2C74 0x 2C78 0x 2C7C 0x 2C80 0x 2C84 0x 2C88 0x 2C8C 0x 2C90 0x 2C94 0x 2C98 0x 2C9C 0x 2CA0 0x 2CA4 0x 2CA8 0x 2CAC 0x 2CB0 0x 2CB4 0x 2CB8 0x 2CBC 0x 2CC0 0x 2CC4 0x 2CC8 0x 2CCC 0x 2CD0 0x 2CD4 0x 2CD8 0x 2CDC 0x 2CE0 0x 2CE4 0x 2CE8 0x 2CEC 0x 2CF0 0x 2CF4 0x 2CF8 0x 2CFC 0x 2D00 0x 2D04 0x 2D08 0x 2D0C 0x 2D10 0x 2D14 0x 2D18 0x 2D1C 0x 2D20 0x 2D24 0x 2D28 0x 2D2C 0x 2D30 0x 2D34 0x 2D38 0x 2D3C 0x 2D40 0x 2D44 0x 2D48 0x 2D4C 0x 2D50 0x 2D54 0x 2D58 0x 2D5C 0x 2D60 0x 2D64 0x 2D68 0x 2D6C 0x 2D70 0x 2D74 0x 2D78 0x 2D7C 0x 2D80 0x 2D84 0x 2D88 0x 2D8C 0x 2D90 0x 2D94 0x 2D98 0x 2D9C 0x 2DA0 0x 2DA4 0x 2DA8 0x 2DAC 0x 2DB0 0x 2DB4 0x 2DB8 0x 2DBC 0x 2DC0 0x 2DC4 0x 2DC8 0x 2DCC 0x 2DD0 0x 2DD4 0x 2DD8 0x 2DDC 0x 2DE0 0x 2DE4 0x 2DE8 0x 2DEC 0x 2DF0 0x 2DF4 0x 2DF8 0x 2DFC 0x 2E00 0x 2E04 0x 2E08 0x 2E0C 0x 2E10 0x 2E14 0x 2E18 0x 2E1C 0x 2E20 0x 2E24 0x 2E28 0x 2E2C 0x 2E30 0x 2E34 0x 2E38 0x 2E3C 0x 2E40 0x 2E44 0x 2E48 0x 2E4C 0x 2E50 0x 2E54 0x 2E58 0x 2E5C 0x 2E60 0x 2E64 0x 2E68 0x 2E6C 0x 2E70 0x 2E74 0x 2E78 0x 2E7C 0x 2E80 0x 2E84 0x 2E88 0x 2E8C 0x 2E90 0x 2E94 0x 2E98 0x 2E9C 0x 2EA0 0x 2EA4 0x 2EA8 0x 2EAC 0x 2EB0 0x 2EB4 0x 2EB8 0x 2EBC 0x 2EC0 0x 2EC4 0x 2EC8 0x 2ECC 0x 2ED0 0x 2ED4 0x 2ED8 0x 2EDC 0x 2EE0 0x 2EE4 0x 2EE8 0x 2EEC 0x 2EF0 0x 2EF4 0x 2EF8 0x 2EFC 0x 2F00 0x 2F04 0x 2F08 0x 2F0C 0x 2F10 0x 2F14 0x 2F18 0x 2F1C 0x 2F20 0x 2F24 0x 2F28 0x 2F2C 0x 2F30 0x 2F34 0x 2F38 0x 2F3C 0x 2F40 0x 2F44 0x 2F48 0x 2F4C 0x 2F50 0x 2F54 0x 2F58 0x 2F5C 0x 2F60 0x 2F64 0x 2F68 0x 2F6C 0x 2F70 0x 2F74 0x 2F78 0x 2F7C 0x 2F80 0x 2F84 0x 2F88 0x 2F8C 0x 2F90 0x 2F94 0x 2F98 0x 2F9C 0x 2FA0 0x 2FA4 0x 2FA8 0x 2FAC 0x 2FB0 0x 2FB4 0x 2FB8 0x 2FBC 0x 2FC0 0x 2FC4 0x 2FC8 0x 2FCC 0x 2FE4 0x 2FE8 0x 2FEC 0x 2FF0 0x 2FF4 0x 2FF8 0x 2FFC 0x 3004 0x 3008 0x 300C 0x 3010 0x 3014 0x 3018 0x 301C 0x 3020 0x 3024 0x 3028 0x 302C 0x 3030 0x 3034 0x 3038 0x 303C 0x 3040 0x 3044 0x 3048 0x 304C 0x 3050 0x 3054 0x 3058 0x 305C 0x 3060 0x 3064 0x 3068 0x 306C 0x 3070 0x 3074 0x 3078 0x 307C 0x 3080 0x 3084 0x 3088 0x 308C 0x 3090 0x 3094 0x 3098 0x 309C 0x 30A0 0x 30A4 0x 30A8 0x 30AC 0x 30B0 0x 30B4 0x 30B8 0x 30BC 0x 30C0 0x 30C4 0x 30C8 0x 30CC 0x 30D0 0x 30D4 0x 30D8 0x 30DC 0x 30E0 0x 30E4 0x 30E8 0x 30EC 0x 30F0 0x 30F4 0x 30F8 0x 30FC 0x 3100 0x 3104 0x 3108 0x 310C 0x 3110 0x 3114 0x 3118 0x 311C 0x 3120 0x 3124 0x 3128 0x 312C 0x 3130 0x 3134 0x 3138 0x 313C 0x 3140 0x 3144 0x 3148 0x 3154 0x 3158 0x 315C 0x 3160 0x 3164 0x 3168 0x 316C 0x 3170 0x 3174 0x 3178 0x 317C 0x 3180 0x 3184 0x 3188 0x 318C 0x 3190 0x 3194 0x 3198 0x 319C 0x 31A0 0x 31A4 0x 31A8 0x 31AC 0x 31B0 0x 31B4 0x 31B8 0x 31BC 0x 31C0 0x 31C4 0x 31C8 0x 31CC 0x 31D0 0x 31D4 0x 31D8 0x 31DC 0x 31E0 0x 31E4 0x 31E8 0x 31EC 0x 31F0 0x 31F4 0x 31F8 0x 31FC 0x 3200 0x 3204 0x 3208 0x 320C 0x 3210 0x 3214 0x 3218 0x 321C 0x 3220 0x 3224 0x 3228 0x 322C 0x 3230 0x 3234 0x 3238 0x 323C 0x 3240 0x 3244 0x 3248 0x 324C 0x 3250 0x 3254 0x 3258 0x 325C 0x 3260 0x 3264 0x 3268 0x 326C 0x 3270 0x 3274 0x 3278 0x 327C 0x 3280 0x 3284 0x 3288 0x 328C 0x 3290 0x 3294 0x 3298 0x 329C 0x 32A0 0x 32A4 0x 32A8 0x 32AC 0x 32B0 0x 32B4 0x 32B8 0x 32BC 0x 32C0 0x 32C4 0x 32C8 0x 32CC 0x 32D0 0x 32D4 0x 32D8 0x 32DC 0x 32E0 0x 32E4 0x 32E8 0x 32EC 0x 32F0 0x 32F4 0x 32F8 0x 32FC 0x 3300 0x 3304 0x 3308 0x 330C 0x 3310 0x 3314 0x 3318 0x 331C 0x 3320 0x 3324 0x 3328 0x 332C 0x 3330 0x 3334 0x 3338 0x 333C 0x 3340 0x 3344 0x 3348 0x 334C 0x 3350 0x 3354 0x 3358 0x 335C 0x 3360 0x 3364 0x 3368 0x 336C 0x 3370 0x 3374 0x 3378 0x 337C 0x 3380 0x 3384 0x 3388 0x 338C 0x 3390 0x 3394 0x 3398 0x 339C 0x 33A0 0x 33A4 0x 33A8 0x 33AC 0x 33B0 0x 33B4 0x 33B8 0x 33BC 0x 33C0 0x 33C4 0x 33C8 0x 33CC 0x 33D0 0x 33D4 0x 33D8 0x 33DC 0x 33E0 0x 33E4 0x 33E8 0x 33EC 0x 33F0 0x 33F4 0x 33F8 0x 33FC 0x 3404 0x 3408 0x 340C 0x 3410 0x 3414 0x 3418 0x 341C 0x 3420 0x 3424 0x 3428 0x 342C 0x 3430 0x 3434 0x 3438 0x 343C 0x 3440 0x 3444 0x 3448 0x 344C 0x 3450 0x 3454 0x 3458 0x 345C 0x 3460 0x 3464 0x 3468 0x 346C 0x 3470 0x 3474 0x 3478 0x 347C 0x 3480 0x 3484 0x 3488 0x 348C 0x 3490 0x 3494 0x 3498 0x 349C 0x 34A0 0x 34A4 0x 34A8 0x 34AC 0x 34B0 0x 34B4 0x 34B8 0x 34BC 0x 34C0 0x 34C4 0x 34C8 0x 34CC 0x 34D0 0x 34D4 0x 34D8 0x 34DC 0x 34E0 0x 34E4 0x 34E8 0x 34EC 0x 34F0 0x 34F4 0x 34F8 0x 34FC 0x 3500 0x 3504 0x 3508 0x 350C 0x 3510 0x 3514 0x 3518 0x 351C 0x 3520 0x 3524 0x 3528 0x 352C 0x 3530 0x 3534 0x 3538 0x 353C 0x 3540 0x 3544 0x 3548 0x 354C 0x 3550 0x 3554 0x 3558 0x 355C 0x 3560 0x 3564 0x 3568 0x 356C 0x 3570 0x 3574 0x 3578 0x 357C 0x 3580 0x 3584 0x 3588 0x 358C 0x 3590 0x 3594 0x 3598 0x 359C 0x 35A0 0x 35A4 0x 35A8 0x 35AC 0x 35B0 0x 35B4 0x 35B8 0x 35BC 0x 35C0 0x 35C4 0x 35C8 0x 35CC 0x 35D0 0x 35D4 0x 35D8 0x 35DC 0x 35E0 0x 35E4 0x 35E8 0x 35EC 0x 35F0 0x 35F4 0x 35F8 0x 35FC 0x 3600 0x 3604 0x 3608 0x 360C 0x 3610 0x 3614 0x 3618 0x 361C 0x 3620 0x 3624 0x 3628 0x 362C 0x 3630 0x 3634 0x 3638 0x 363C 0x 3640 0x 3644 0x 3648 0x 364C 0x 3650 0x 3654 0x 3658 0x 365C 0x 3660 0x 3664 0x 3668 0x 366C 0x 3670 0x 3674 0x 3678 0x 367C 0x 3680 0x 3684 0x 3688 0x 368C 0x 3690 0x 3694 0x 3698 0x 369C 0x 36A0 0x 36A4 0x 36A8 0x 36AC 0x 36B0 0x 36B4 0x 36B8 0x 36BC 0x 36C0 0x 36C4 0x 36C8 0x 36CC 0x 36D0 0x 36D4 0x 36D8 0x 36DC 0x 36E0 0x 36E4 0x 36E8 0x 36EC 0x 36F0 0x 36F4 0x 36F8 0x 36FC 0x 3700 0x 3704 0x 3708 0x 370C 0x 3710 0x 3714 0x 3718 0x 371C 0x 3720 0x 3724 0x 3728 0x 372C 0x 3730 0x 3734 0x 3738 0x 373C 0x 3740 0x 3744 0x 3748 0x 374C 0x 3750 0x 3754 0x 3758 0x 375C 0x 3760 0x 3764 0x 3768 0x 376C 0x 3770 0x 3774 0x 3778 0x 377C 0x 3780 0x 3784 0x 3788 0x 378C 0x 3790 0x 3794 0x 3798 0x 379C 0x 37A0 0x 37A4 0x 37A8 0x 37AC 0x 37B0 0x 37B4 0x 37B8 0x 37BC 0x 37C0 0x 37C4 0x 37C8 0x 37CC 0x 37D0 0x 37D4 0x 37D8 0x 37DC 0x 37E0 0x 37E4 0x 37E8 0x 37EC 0x 37F0 0x 37F4 0x 37F8 0x 37FC 0x 3804 0x 3808 0x 380C 0x 3810 0x 3814 0x 3818 0x 381C 0x 3824 0x 3828 0x 382C 0x 3830 0x 3834 0x 3838 0x 383C 0x 3840 0x 3844 0x 3848 0x 384C 0x 3850 0x 3854 0x 3858 0x 385C 0x 3860 0x 3864 0x 3868 0x 386C 0x 3870 0x 3874 0x 3878 0x 387C 0x 3880 0x 3884 0x 3888 0x 388C 0x 3890 0x 3894 0x 3898 0x 389C 0x 38A0 0x 38A4 0x 38A8 0x 38AC 0x 38B0 0x 38B4 0x 38B8 0x 38BC 0x 38C0 0x 38C4 0x 38C8 0x 38CC 0x 38D0 0x 38D4 0x 38D8 0x 38DC 0x 38E0 0x 38E4 0x 38E8 0x 38EC 0x 38F0 0x 38F4 0x 38F8 0x 38FC 0x 3900 0x 3904 0x 3908 0x 390C 0x 3910 0x 3914 0x 3918 0x 391C 0x 3920 0x 3924 0x 3928 0x 392C 0x 3930 0x 3934 0x 3938 0x 393C 0x 3940 0x 3944 0x 3948 0x 394C 0x 3950 0x 3954 0x 3958 0x 395C 0x 3960 0x 3964 0x 3968 0x 396C 0x 3970 0x 3974 0x 3978 0x 397C 0x 3980 0x 3988 0x 398C 0x 3990 0x 3994 0x 399C 0x 39A0 0x 39A4 0x 39A8 0x 39AC 0x 39B0 0x 39B4 0x 39B8 0x 39BC 0x 39C0 0x 39C4 0x 39C8 0x 39CC 0x 39D0 0x 39D4 0x 39D8 0x 39DC 0x 39E0 0x 39E4 0x 39E8 0x 39EC 0x 39F0 0x 39F4 0x 39F8 0x 39FC 0x 3A00 0x 3A04 0x 3A08 0x 3A0C 0x 3A10 0x 3A14 0x 3A18 0x 3A1C 0x 3A20 0x 3A24 0x 3A28 0x 3A2C 0x 3A30 0x 3A34 0x 3A38 0x 3A3C 0x 3A40 0x 3A44 0x 3A48 0x 3A4C 0x 3A50 0x 3A54 0x 3A58 0x 3A5C 0x 3A60 0x 3A64 0x 3A68 0x 3A6C 0x 3A70 0x 3A74 0x 3A78 0x 3A7C 0x 3A80 0x 3A84 0x 3A88 0x 3A8C 0x 3A90 0x 3A94 0x 3A98 0x 3A9C 0x 3AA0 0x 3AA4 0x 3AA8 0x 3AAC 0x 3AB0 0x 3AB4 0x 3AB8 0x 3ABC 0x 3AC0 0x 3AC4 0x 3AC8 0x 3ACC 0x 3AD0 0x 3AD4 0x 3AD8 0x 3ADC 0x 3AE0 0x 3AE4 0x 3AE8 0x 3AEC 0x 3AF0 0x 3AF4 0x 3AF8 0x 3AFC 0x 3B00 0x 3B04 0x 3B08 0x 3B0C 0x 3B10 0x 3B14 0x 3B18 0x 3B1C 0x 3B20 0x 3B24 0x 3B28 0x 3B2C 0x 3B30 0x 3B34 0x 3B38 0x 3B3C 0x 3B40 0x 3B44 0x 3B48 0x 3B4C 0x 3B50 0x 3B54 0x 3B58 0x 3B5C 0x 3B60 0x 3B64 0x 3B68 0x 3B6C 0x 3B70 0x 3B74 0x 3B78 0x 3B7C 0x 3B80 0x 3B84 0x 3B88 0x 3B8C 0x 3B90 0x 3B94 0x 3B98 0x 3B9C 0x 3BA0 0x 3BA4 0x 3BA8 0x 3BAC 0x 3BB0 0x 3BB4 0x 3BB8 0x 3BBC 0x 3BC0 0x 3BC4 0x 3BC8 0x 3BCC 0x 3BD0 0x 3BD4 0x 3BD8 0x 3BDC 0x 3BE0 0x 3BE4 0x 3BE8 0x 3BEC 0x 3BF0 0x 3BF4 0x 3BF8 0x 3BFC 0x EA8 0x 3C04 0x 3C08 0x 3C0C 0x 3C10 0x 3C14 0x 3C18 0x 3C1C 0x 3C20 0x 3C24 0x 3C28 0x 3C2C 0x 3C30 0x 3C34 0x 3C38 0x 3C3C 0x 3C40 0x 3C44 0x 3C48 0x 3C4C 0x 3C50 0x 3C54 0x 3C58 0x 3C5C 0x 3C60 0x 3C64 0x 3C68 0x 3C6C 0x 3C70 0x 3C74 0x 3C78 0x 3C7C 0x 3C80 0x 3C84 0x 3C88 0x 3C8C 0x 3C90 0x 3C94 0x 3C98 0x 3C9C 0x 3CA0 0x 3CA4 0x 3CA8 0x 3CAC 0x 3CB0 0x 3CB4 0x 3CB8 0x 3CBC 0x 3CC0 0x 3CC4 0x 3CC8 0x 3CCC 0x 3CD0 0x 3CD4 0x 3CD8 0x 3CDC 0x 3CE0 0x 3CE4 0x 3CE8 0x 3CEC 0x 3CF0 0x 3CF4 0x 3CF8 0x 3CFC 0x 3D00 0x 3D04 0x 3D08 0x 3D0C 0x 3D10 0x 3D14 0x 3D1C 0x 3D20 0x 3D24 0x 3D28 0x 3D2C 0x 3D30 0x 3D34 0x 3D38 0x 3D3C 0x 3D40 0x 3D44 0x 3D48 0x 3D4C 0x 3D50 0x 3D54 0x 3D58 0x 3D5C 0x 3D60 0x 3D64 0x 3D68 0x 3D6C 0x 3D70 0x 3D74 0x 3D78 0x 3D7C 0x 3D80 0x 3D84 0x 3D88 0x 3D8C 0x 3D90 0x 3D94 0x 3D98 0x 3D9C 0x 3DA0 0x 3DA4 0x 3DA8 0x 3DAC 0x 3DB0 0x 3DB4 0x 3DB8 0x 3DBC 0x 3DC0 0x 3DC4 0x 3DC8 0x 3DCC 0x 3DD0 0x 3DD4 0x 3DD8 0x 3DDC 0x 3DE0 0x 3DE4 0x 3DE8 0x 3DEC 0x 3DF0 0x 3DF4 0x 3DF8 0x 3DFC 0x 3E00 0x 3E04 0x 3E08 0x 3E0C 0x 3E10 0x 3E14 0x 3E18 0x 3E1C 0x 3E20 0x 3E24 0x 3E28 0x 3E2C 0x 3E30 0x 3E34 0x 3E38 0x 3E3C 0x 3E40 0x 3E44 0x 3E48 0x 3E4C 0x 3E50 0x 3E54 0x 3E58 0x 3E5C 0x 3E60 0x 3E64 0x 3E68 0x 3E6C 0x 3E70 0x 3E74 0x 3E78 0x 3E7C 0x 3E80 0x 3E84 0x 3E88 0x 3E8C 0x 3E90 0x 3E94 0x 3E98 0x 3E9C 0x 3EA0 0x 3EA4 0x 3EA8 0x 3EAC 0x 3EB0 0x 3EB4 0x 3EB8 0x 3EBC 0x 3EC0 0x 3EC4 0x 3EC8 0x 3ECC 0x 3ED0 0x 3ED4 0x 3ED8 0x 3EDC 0x 3EE0 0x 3EE4 0x 3EE8 0x 3EEC 0x 3EF0 0x 3EF4 0x 3EF8 0x 3EFC 0x 3F00 0x 3F04 0x 3F08 0x 3F0C 0x 3F10 0x 3F14 0x 3F18 0x 3F1C 0x 3F20 0x 3F24 0x 3F28 0x 3F2C 0x 3F30 0x 3F34 0x 3F38 0x 3F3C 0x 3F40 0x 3F44 0x 3F48 0x 3F4C 0x 3F50 0x 3F54 0x 3F58 0x 3F5C 0x 3F60 0x 3F64 0x 3F68 0x 3F6C 0x 3F70 0x 3F74 0x 3F78 0x 3F7C 0x 3F80 0x 3F84 0x 3F88 0x 3F8C 0x 3F90 0x 3F94 0x 3F98 0x 3F9C 0x 3FA0 0x 3FA4 0x 3FA8 0x 3FAC 0x 3FB0 0x 3FB4 0x 3FB8 0x 3FBC 0x 3FC0 0x 3FC4 0x 3FC8 0x 3FCC 0x 3FD0 0x 3FD4 0x 3FD8 0x 3FDC 0x 3FE0 0x 3FE4 0x 3FE8 0x 3FEC 0x 3FF0 0x 3FF4 0x 3FF8 0x 3FFC 0x 3984 0x 3820 0x 4004 0x 4008 0x 400C 0x 4010 0x 4014 0x 4018 0x 401C 0x 4020 0x 4024 0x 4028 0x 402C 0x 4030 0x 4034 0x 4038 0x 403C 0x 4040 0x 4044 0x 4048 0x 404C 0x 4050 0x 4054 0x 4058 0x 405C 0x 4060 0x 4064 0x 4068 0x 406C 0x 4070 0x 4074 0x 4078 0x 409C 0x 40A0 0x 40A4 0x 40A8 0x 40AC 0x 40B0 0x 40B4 0x 40B8 0x 40BC 0x 40C0 0x 40C4 0x 40C8 0x 40CC 0x 40D0 0x 40D4 0x 40D8 0x 40DC 0x 40E0 0x 40E4 0x 40E8 0x 40EC 0x 40F0 0x 40F4 0x 40F8 0x 40FC 0x 4100 0x 4104 0x 4108 0x 410C 0x 4110 0x 4114 0x 4118 0x 411C 0x 4120 0x 4124 0x 4128 0x 412C 0x 4130 0x 4134 0x 4138 0x 413C 0x 4140 0x 4144 0x 4148 0x 414C 0x 4150 0x 4154 0x 4158 0x 415C 0x 4160 0x 4164 0x 4168 0x 416C 0x 4170 0x 4174 0x 4178 0x 417C 0x 4180 0x 4184 0x 4188 0x 418C 0x 4190 0x 4194 0x 4198 0x 419C 0x 41A0 0x 41A4 0x 41A8 0x 41AC 0x 41B0 0x 41B4 0x 41B8 0x 41BC 0x 41C0 0x 41C4 0x 41C8 0x 41CC 0x 41D0 0x 41D4 0x 41D8 0x 41DC 0x 41E0 0x 41E4 0x 41E8 0x 41EC 0x 41F0 0x 41F4 0x 41F8 0x 4210 0x 4214 0x 4218 0x 421C 0x 4220 0x 4224 0x 4228 0x 422C 0x 4230 0x 4234 0x 4238 0x 423C 0x 4240 0x 4244 0x 4248 0x 424C 0x 4250 0x 4254 0x 4258 0x 425C 0x 4260 0x 4264 0x 4268 0x 426C 0x 4270 0x 4274 0x 4278 0x 427C 0x 4280 0x 4284 0x 4288 0x 428C 0x 4290 0x 4294 0x 4298 0x 429C 0x 42A0 0x 42A4 0x 42A8 0x 42AC 0x 42B0 0x 42B4 0x 42B8 0x 42BC 0x 42C0 0x 42C4 0x 42C8 0x 42CC 0x 42D0 0x 42D4 0x 42D8 0x 42DC 0x 42E0 0x 42E8 0x 42EC 0x 42F0 0x 42F4 0x 42F8 0x 42FC 0x 4300 0x 4304 0x 4308 0x 430C 0x 4310 0x 4314 0x 4318 0x 431C 0x 4320 0x 4324 0x 4328 0x 432C 0x 4330 0x 4334 0x 4338 0x 433C 0x 4340 0x 4344 0x 4348 0x 434C 0x 4350 0x 4354 0x 4358 0x 435C 0x 4360 0x 4364 0x 4368 0x 436C 0x 4370 0x 4374 0x 4378 0x 437C 0x 4380 0x 4384 0x 4388 0x 438C 0x 4390 0x 4394 0x 4398 0x 439C 0x 43A0 0x 43A4 0x 43A8 0x 43AC 0x 43B0 0x 43B4 0x 43B8 0x 43BC 0x 43C0 0x 43C4 0x 43C8 0x 43CC 0x 43D0 0x 43D4 0x 43D8 0x 43DC 0x 43E0 0x 43E4 0x 43E8 0x 43EC 0x 43F0 0x 43F4 0x 43F8 0x 43FC 0x FC4 0x E00 0x 6CC 0x F40 0x 4098 0x F60 0x F18 0x F58 0x F5C 0x FB8 0x C70 0x 390 0x 1A4 0x F20 0x 4404 0x 4408 0x 440C 0x 4410 0x 4414 0x 4418 0x 441C 0x 4420 0x 4424 0x 4428 0x 442C 0x 4430 0x 4434 0x 4438 0x 443C 0x 4440 0x 4444 0x 4448 0x 444C 0x 4450 0x 4454 0x 4458 0x 445C 0x 4460 0x 4464 0x 4468 0x 446C 0x 4470 0x 4474 0x 4478 0x 447C 0x 4480 0x 4484 0x 4488 0x 448C 0x 4490 0x 4494 0x 4498 0x 449C 0x 44B0 0x 44B4 0x 44B8 0x 44BC 0x 44C0 0x 44C4 0x 44C8 0x 44CC 0x 44D0 0x 44D4 0x 44D8 0x 44DC 0x 44E0 0x 44E4 0x 44E8 0x 44EC 0x 44F0 0x 44F4 0x 44F8 0x 44FC 0x 4500 0x 4504 0x 4508 0x 450C 0x 4510 0x 4514 0x 4518 0x 451C 0x 4520 0x 4524 0x 4528 0x 452C 0x 4530 0x 4534 0x 4538 0x 453C 0x 4540 0x 4544 0x 4548 0x 454C 0x 4550 0x 4554 0x 4558 0x 455C 0x 4560 0x 4564 0x 4568 0x 456C 0x 4570 0x 4574 0x 4578 0x 457C 0x 4580 0x 4584 0x 4588 0x 458C 0x 4590 0x 4594 0x 4598 0x 459C 0x 45A0 0x 45A4 0x 45A8 0x 45AC 0x 45B0 0x 45B4 0x 45B8 0x 45BC 0x 45C0 0x 45C4 0x 45C8 0x 45CC 0x 45D0 0x 45D4 0x 45D8 0x 45DC 0x 45E0 0x 45E4 0x 45E8 0x 45EC 0x 45F0 0x 45F4 0x 45F8 0x 45FC 0x 4600 0x 4604 0x 4608 0x 460C 0x 4610 0x 4614 0x 4618 0x 461C 0x 4620 0x 4624 0x 4628 0x 462C 0x 4630 0x 4634 0x 4638 0x 463C 0x 4640 0x 4644 0x 4648 0x 464C 0x 4650 0x 4654 0x 4658 0x 465C 0x 4660 0x 4664 0x 4668 0x 466C 0x 4670 0x 4674 0x 4678 0x 467C 0x 4680 0x 4684 0x 4688 0x 468C 0x 4690 0x 4694 0x 4698 0x 469C 0x 46A0 0x 46A4 0x 46A8 0x 46AC 0x 46B0 0x 46B4 0x 46B8 0x 46BC 0x 46C0 0x 46C4 0x 46C8 0x 46CC 0x 46D0 0x 46D4 0x 46D8 0x 46DC 0x 46E0 0x 46E4 0x 46E8 0x 46EC 0x 46F4 0x 46F8 0x 46FC 0x 4700 0x 4704 0x 4708 0x 470C 0x 4710 0x 4714 0x 4718 0x 471C 0x 4720 0x 4724 0x 4728 0x 472C 0x 4730 0x 4734 0x 4738 0x 473C 0x 4740 0x 4744 0x 4748 0x 474C 0x 4750 0x 4754 0x 4758 0x 475C 0x 4760 0x 4764 0x 4768 0x 476C 0x 4770 0x 4774 0x 4778 0x 477C 0x 4780 0x 4784 0x 4788 0x 478C 0x 4790 0x 4794 0x 47A0 0x 47A4 0x 47A8 0x 47AC 0x 47B0 0x 47B4 0x 47B8 0x 47BC 0x 47C0 0x 47C4 0x 47C8 0x 47CC 0x 47D0 0x 47D4 0x 47D8 0x 47DC 0x 47E0 0x 47E4 0x 47E8 0x 47EC 0x 47F0 0x 47F4 0x 47F8 0x 47FC 0x DC8 0x 4804 0x 4808 0x 480C 0x 4810 0x 4814 0x 4818 0x 481C 0x 4820 0x 4824 0x 4828 0x 482C 0x 4830 0x 4834 0x 4838 0x 483C 0x 4840 0x 4844 0x 4848 0x 484C 0x 4850 0x 4854 0x 4858 0x 485C 0x 4860 0x 4864 0x 4868 0x 486C 0x 4870 0x 4874 0x 4878 0x 487C 0x 4880 0x 4884 0x 4888 0x 488C 0x 4890 0x 4894 0x 4898 0x 489C 0x 48A0 0x 48A4 0x 48A8 0x 48AC 0x 48B0 0x 48B4 0x 48B8 0x 48BC 0x 48C0 0x 48C4 0x 48C8 0x 48CC 0x 48D0 0x 48D4 0x 48D8 0x 48DC 0x 48E0 0x 48E4 0x 48E8 0x 48EC 0x 48F0 0x 48F4 0x 48F8 0x 48FC 0x 4900 0x 4904 0x 4908 0x 490C 0x 4910 0x 4914 0x 4918 0x 491C 0x 4920 0x 4924 0x 4928 0x 492C 0x 4930 0x 4934 0x 4938 0x 493C 0x 4940 0x 4944 0x 4948 0x 494C 0x 4950 0x 4954 0x 4958 0x 495C 0x 4960 0x 4964 0x 4968 0x 496C 0x 4970 0x 4974 0x 4978 0x 497C 0x 4980 0x 4984 0x 4988 0x 498C 0x 4990 0x 4994 0x 4998 0x 499C 0x 49A0 0x 49A4 0x 49A8 0x 49AC 0x 49B0 0x 49B4 0x 49B8 0x 49BC 0x 49C0 0x 49C4 0x 49C8 0x 49CC 0x 49D0 0x 49D4 0x 49D8 0x 49DC 0x 49E0 0x 49E4 0x 49E8 0x 49EC 0x 49F0 0x 49F4 0x 49F8 0x 49FC 0x 4A00 0x 4A04 0x 4A08 0x 4A0C 0x 4A10 0x 4A14 0x 4A18 0x 4A1C 0x 4A20 0x 4A24 0x 4A28 0x 4A2C 0x 4A30 0x 4A34 0x 4A38 0x 4A3C 0x 4A40 0x 4A44 0x 4A48 0x 4A4C 0x 4A50 0x 4A54 0x 4A58 0x 4A5C 0x 4A60 0x 4A64 0x 4A68 0x 4A6C 0x 4A70 0x 4A74 0x 4A78 0x 4A7C 0x 4A80 0x 4A84 0x 4A88 0x 4A8C 0x 4A90 0x 4A94 0x 4A98 0x 4A9C 0x 4AA0 0x 4AA4 0x 4AA8 0x 4AAC 0x 4AB0 0x 4AB4 0x 4AB8 0x 4ABC 0x 4AC0 0x 4AC4 0x 4AC8 0x 4ACC 0x 4AD0 0x 4AD4 0x 4AD8 0x 4ADC 0x 4AE0 0x 4AE4 0x 4AE8 0x 4AEC 0x 4AF0 0x 4AF4 0x 4AF8 0x 4AFC 0x 4B00 0x 4B04 0x 4B08 0x 4B0C 0x 4B10 0x 4B14 0x 4B18 0x 4B1C 0x 4B20 0x 4B24 0x 4B28 0x 4B2C 0x 4B30 0x 4B34 0x 4B38 0x 4B3C 0x 4B40 0x 4B44 0x 4B48 0x 4B4C 0x 4B50 0x 4B54 0x 4B58 0x 4B5C 0x 4B60 0x 4B64 0x 4B68 0x 4B6C 0x 4B70 0x 4B74 0x 4B78 0x 4B7C 0x 4B80 0x 4B84 0x 4B88 0x 4B8C 0x 4B90 0x 4B94 0x 4B98 0x 4B9C 0x 4BA0 0x 4BA4 0x 4BA8 0x 4BAC 0x 4BB0 0x 4BB4 0x 4BB8 0x 4BBC 0x 4BC0 0x 4BC4 0x 4BC8 0x 4BCC 0x 4BD0 0x 4BD4 0x 4BD8 0x 4BDC 0x 4BE0 0x 4BE4 0x 4BE8 0x 4BEC 0x 4BF0 0x 4BF4 0x 4BF8 0x 4BFC 0x CF0 0x 4C04 0x 4C08 0x 4C0C 0x 4C10 0x 4C14 0x 4C18 0x 4C1C 0x 4C20 0x 4C24 0x 4C28 0x 4C2C 0x 4C30 0x 4C34 0x 4C38 0x 4C3C 0x 4C40 0x 4C44 0x 4C48 0x 4C4C 0x 4C50 0x 4C54 0x 4C58 0x 4C5C 0x 4C60 0x 4C64 0x 4C68 0x 4C6C 0x 4C70 0x 4C74 0x 4C78 0x 4C7C 0x 4C80 0x 4C84 0x 4C88 0x 4C8C 0x 4C90 0x 4C94 0x 4C98 0x 4C9C 0x 4CA0 0x 4CA4 0x 4CA8 0x 4CAC 0x 4CB0 0x 4CB4 0x 4CB8 0x 4CBC 0x 4CC0 0x 4CC4 0x 4CC8 0x 4CCC 0x 4CD0 0x 4CD4 0x 4CD8 0x 4CDC 0x 4CE0 0x 4CE4 0x 4CE8 0x 4CEC 0x 4CF0 0x 4CF4 0x 4CF8 0x 4CFC 0x 4D00 0x 4D04 0x 4D08 0x 4D0C 0x 4D10 0x 4D14 0x 4D18 0x 4D1C 0x 4D20 0x 4D24 0x 4D28 0x 4D2C 0x 4D30 0x 4D34 0x 4D38 0x 4D3C 0x 4D40 0x 4D44 0x 4D48 0x 4D4C 0x 4D50 0x 4D54 0x 4D58 0x 4D5C 0x 4D60 0x 4D64 0x 4D68 0x 4D6C 0x 4D70 0x 4D74 0x 4D78 0x 4D7C 0x 4D80 0x 4D84 0x 4D88 0x 4D8C 0x 4D90 0x 4D94 0x 4D98 0x 4D9C 0x 4DA0 0x 4DA4 0x 4DA8 0x 4DAC 0x 4DB0 0x 4DB4 0x 4DB8 0x 4DBC 0x 4DC0 0x 4DC4 0x 4DC8 0x 4DCC 0x 4DD0 0x 4DD4 0x 4DD8 0x 4DDC 0x 4DE0 0x 4DE4 0x 4DE8 0x 4DEC 0x 4DF0 0x 4DF4 0x 4DF8 0x 4DFC 0x 4E00 0x 4E04 0x 4E08 0x 4E0C 0x 4E10 0x 4E14 0x 4E18 0x 4E1C 0x 4E20 0x 4E24 0x 4E28 0x 4E2C 0x 4E30 0x 4E34 0x 4E38 0x 4E3C 0x 4E40 0x 4E44 0x 4E48 0x 4E4C 0x 4E50 0x 4E54 0x 4E58 0x 4E5C 0x 4E60 0x 4E64 0x 4E68 0x 4E6C 0x 4E70 0x 4E74 0x 4E78 0x 4E7C 0x 4E80 0x 4E84 0x 4E88 0x 4E8C 0x 4E90 0x 4E94 0x 4E98 0x 4E9C 0x 4EA0 0x 4EA4 0x 4EA8 0x 4EAC 0x 4EB0 0x 4EB4 0x 4EB8 0x 4EBC 0x 4EC0 0x 4EC4 0x 4EC8 0x 4ECC 0x 4ED0 0x 4ED4 0x 4ED8 0x 4EDC 0x 4EE0 0x 4EE4 0x 4EE8 0x 4EEC 0x 4EF0 0x 4EF4 0x 4EF8 0x 4EFC 0x 4F00 0x 4F04 0x 4F08 0x 4F0C 0x 4F10 0x 4F14 0x 4F18 0x 4F1C 0x 4F20 0x 4F24 0x 4F28 0x 4F2C 0x 4F30 0x 4F34 0x 4F38 0x 4F3C 0x 4F40 0x 4F44 0x 4F48 0x 4F4C 0x 4F50 0x 4F54 0x 4F58 0x 4F5C 0x 4F60 0x 4F64 0x 4F68 0x 4F6C 0x 4F70 0x 4F74 0x 4F78 0x 4F7C 0x 4F80 0x 4F84 0x 4F88 0x 4F8C 0x 4F90 0x 4F94 0x 4F98 0x 4F9C 0x 4FA0 0x 4FA4 0x 4FA8 0x 4FAC 0x 4FB0 0x 4FB4 0x 4FB8 0x 4FBC 0x 4FC0 0x 4FC4 0x 4FC8 0x 4FCC 0x 4FD0 0x 4FD4 0x 4FD8 0x 4FDC 0x 4FE0 0x 4FE4 0x 4FE8 0x 4FEC 0x 4FF0 0x 4FF4 0x 4FF8 0x 4FFC 0x D18 0x E94 0x CC4 0x EF0 0x A6C 0x E0 0x D6C 0x 4C8 0x 474 0x B80 0x FC0 0x C04 0x 544 0x 744 0x 5004 0x 5008 0x 500C 0x 5010 0x 5014 0x 5018 0x 501C 0x 5020 0x 5024 0x 5028 0x 502C 0x 5030 0x 5034 0x 5038 0x 503C 0x 5040 0x 5044 0x 5048 0x 504C 0x 5050 0x 5054 0x 5058 0x 505C 0x 5060 0x 5064 0x 5068 0x 506C 0x 5070 0x 5074 0x 5078 0x 507C 0x 5080 0x 5084 0x 5088 0x 508C 0x 5090 0x 5094 0x 5098 0x 509C 0x 50A0 0x 50A4 0x 50A8 0x 50AC 0x 50B0 0x 50B4 0x 50B8 0x 50BC 0x 50C0 0x 50C4 0x 50C8 0x 50CC 0x 50D0 0x 50D4 0x 50D8 0x 50DC 0x 50E0 0x 50E4 0x 50E8 0x 50EC 0x 50F0 0x 50F4 0x 50F8 0x 50FC 0x 5100 0x 5104 0x 5108 0x 510C 0x 5110 0x 5114 0x 5118 0x 511C 0x 5120 0x 5124 0x 5128 0x 512C 0x 5130 0x 5134 0x 5138 0x 513C 0x 5140 0x 5144 0x 5148 0x 514C 0x 5150 0x 5154 0x 5158 0x 515C 0x 5160 0x 5164 0x 5168 0x 516C 0x 5170 0x 5174 0x 5178 0x 517C 0x 5180 0x 5184 0x 5188 0x 518C 0x 5190 0x 5194 0x 5198 0x 519C 0x 51A0 0x 51A4 0x 51A8 0x 51AC 0x 51B0 0x 51B4 0x 51B8 0x 51BC 0x 51C0 0x 51C4 0x 51C8 0x 51CC 0x 51D0 0x 51D4 0x 51D8 0x 51DC 0x 51E0 0x 51E4 0x 51E8 0x 51EC 0x 51F0 0x 51F4 0x 51F8 0x 51FC 0x 5200 0x 5204 0x 5208 0x 520C 0x 5210 0x 5214 0x 5218 0x 521C 0x 5220 0x 5224 0x 5228 0x 522C 0x 5230 0x 5234 0x 5238 0x 523C 0x 5240 0x 5244 0x 5248 0x 524C 0x 5250 0x 5254 0x 5258 0x 525C 0x 5260 0x 5264 0x 5268 0x 526C 0x 5270 0x 5274 0x 5278 0x 527C 0x 5280 0x 5284 0x 5288 0x 528C 0x 5290 0x 5294 0x 5298 0x 529C 0x 52A0 0x 52A4 0x 52A8 0x 52AC 0x 52B0 0x 52B4 0x 52B8 0x 52BC 0x 52C0 0x 52C4 0x 52C8 0x 52CC 0x 52D0 0x 52D4 0x 52D8 0x 52DC 0x 52E0 0x 52E4 0x 52E8 0x 52EC 0x 52F0 0x 52F4 0x 52F8 0x 52FC 0x 5300 0x 5304 0x 5308 0x 530C 0x 5310 0x 5314 0x 5318 0x 531C 0x 5320 0x 5324 0x 5328 0x 532C 0x 5330 0x 5334 0x 5338 0x 533C 0x 5340 0x 5344 0x 5348 0x 534C 0x 5350 0x 5354 0x 5358 0x 535C 0x 5360 0x 5364 0x 5368 0x 536C 0x 5370 0x 5374 0x 5378 0x 537C 0x 5380 0x 5384 0x 5388 0x 538C 0x 5390 0x 5394 0x 5398 0x 539C 0x 53A0 0x 53A4 0x 53A8 0x 53AC 0x 53B0 0x 53B4 0x 53B8 0x 53BC 0x 53C0 0x 53C4 0x 53C8 0x 53CC 0x 53D0 0x 53D4 0x 53D8 0x 53DC 0x 53E0 0x 53E4 0x 53E8 0x 53EC 0x 53F0 0x 53F4 0x 53F8 0x 53FC 0x FBC 0x 5404 0x 5408 0x 540C 0x 5410 0x 5414 0x 5418 0x 541C 0x 5420 0x 5424 0x 5428 0x 542C 0x 5430 0x 5434 0x 5438 0x 543C 0x 5440 0x 5444 0x 5448 0x 544C 0x 5450 0x 5454 0x 5458 0x 545C 0x 5460 0x 5468 0x 546C 0x 5470 0x 5474 0x 5478 0x 547C 0x 5480 0x 5484 0x 5488 0x 548C 0x 5490 0x 5494 0x 5498 0x 549C 0x 54A0 0x 54A4 0x 54A8 0x 54AC 0x 54B0 0x 54B4 0x 54B8 0x 54BC 0x 54C0 0x 54C4 0x 54C8 0x 54CC 0x 54D0 0x 54D4 0x 54D8 0x 54DC 0x 54E0 0x 54E4 0x 54E8 0x 54EC 0x 54F0 0x 54F4 0x 54F8 0x 54FC 0x 5500 0x 5504 0x 5508 0x 550C 0x 5510 0x 5514 0x 5518 0x 551C 0x 5520 0x 5524 0x 5528 0x 552C 0x 5530 0x 5534 0x 5538 0x 553C 0x 5540 0x 5544 0x 5548 0x 554C 0x 5550 0x 5554 0x 5558 0x 555C 0x 5560 0x 5564 0x 5568 0x 556C 0x 5570 0x 5574 0x 5578 0x 557C 0x 5580 0x 5584 0x 5588 0x 558C 0x 5590 0x 5594 0x 5598 0x 559C 0x 55A0 0x 55A4 0x 55A8 0x 55AC 0x 55B0 0x 55B4 0x 55B8 0x 55BC 0x 55C0 0x 55C4 0x 55C8 0x 55CC 0x 55D0 0x 55D4 0x 55D8 0x 55DC 0x 55E0 0x 55E4 0x 55E8 0x 55EC 0x 55F0 0x 55F4 0x 55F8 0x 55FC 0x 5600 0x 5604 0x 5608 0x 560C 0x 5610 0x 5614 0x 5618 0x 561C 0x 5620 0x 5624 0x 5628 0x 562C 0x 5630 0x 5634 0x 5638 0x 563C 0x 5640 0x 5644 0x 5648 0x 564C 0x 5650 0x 5654 0x 5658 0x 565C 0x 5660 0x 5664 0x 5668 0x 566C 0x 5670 0x 5674 0x 5678 0x 567C 0x 5680 0x 5684 0x 5688 0x 568C 0x 5690 0x 5694 0x 5698 0x 569C 0x 56A0 0x 56A4 0x 56A8 0x 56AC 0x 56B0 0x 56B4 0x 56B8 0x 56BC 0x 56C0 0x 56C4 0x 56C8 0x 56CC 0x 56D0 0x 56D4 0x 56D8 0x 56DC 0x 56E0 0x 56E4 0x 56E8 0x 56EC 0x 56F0 0x 56F4 0x 56F8 0x 56FC 0x 5700 0x 5704 0x 5708 0x 570C 0x 5710 0x 5714 0x 5718 0x 571C 0x 5720 0x 5724 0x 5728 0x 572C 0x 5730 0x 5734 0x 5738 0x 573C 0x 5740 0x 5744 0x 5748 0x 574C 0x 5750 0x 5754 0x 5758 0x 575C 0x 5760 0x 5764 0x 5768 0x 576C 0x 5770 0x 5774 0x 5778 0x 577C 0x 5780 0x 5784 0x 5788 0x 578C 0x 5790 0x 5794 0x 5798 0x 579C 0x 57A0 0x 57A4 0x 57A8 0x 57AC 0x 57B0 0x 57B4 0x 57B8 0x 57BC 0x 57C0 0x 57C4 0x 57C8 0x 57CC 0x 57D0 0x 57D4 0x 57D8 0x 57DC 0x 57E0 0x 57E4 0x 57E8 0x 57EC 0x 57F0 0x 57F4 0x 57F8 0x 57FC 0x 5804 0x 5808 0x 580C 0x 5810 0x 5814 0x 5818 0x 581C 0x 5820 0x 5824 0x 5828 0x 582C 0x 5830 0x 5834 0x 5838 0x 583C 0x 5840 0x 5844 0x 5848 0x 584C 0x 5850 0x 5854 0x 5858 0x 585C 0x 5860 0x 5864 0x 5868 0x 586C 0x 5870 0x 5874 0x 5878 0x 587C 0x 5880 0x 5884 0x 5888 0x 588C 0x 5890 0x 5894 0x 5898 0x 589C 0x 58A0 0x 58A4 0x 58A8 0x 58AC 0x 58B0 0x 58B4 0x 58B8 0x 58BC 0x 58C0 0x 58C4 0x 58C8 0x 58CC 0x 58D0 0x 58D4 0x 58D8 0x 58DC 0x 58E0 0x 58E4 0x 58E8 0x 58EC 0x 58F0 0x 58F4 0x 58F8 0x 58FC 0x 5900 0x 5904 0x 5908 0x 590C 0x 5910 0x 5914 0x 5918 0x 591C 0x 5920 0x 5924 0x 5928 0x 592C 0x 5930 0x 5934 0x 5938 0x 593C 0x 5940 0x 5944 0x 5948 0x 594C 0x 5950 0x 5954 0x 5958 0x 595C 0x 5960 0x 5964 0x 5968 0x 596C 0x 5970 0x 5974 0x 5978 0x 597C 0x 5980 0x 5984 0x 5988 0x 598C 0x 5990 0x 5994 0x 5998 0x 599C 0x 59A0 0x 59A4 0x 59A8 0x 59AC 0x 59B0 0x 59B4 0x 59B8 0x 59BC 0x 59C0 0x 59C4 0x 59C8 0x 59CC 0x 59D0 0x 59D4 0x 59D8 0x 59DC 0x 59E0 0x 59E4 0x 59E8 0x 59EC 0x 59F0 0x 59F4 0x 59F8 0x 59FC 0x 5A00 0x 5A04 0x 5A08 0x 5A0C 0x 5A10 0x 5A14 0x 5A18 0x 5A1C 0x 5A20 0x 5A24 0x 5A28 0x 5A2C 0x 5A30 0x 5A34 0x 5A38 0x 5A3C 0x 5A40 0x 5A44 0x 5A48 0x 5A4C 0x 5A50 0x 5A54 0x 5A58 0x 5A5C 0x 5A60 0x 5A64 0x 5A68 0x 5A6C 0x 5A70 0x 5A74 0x 5A78 0x 5A7C 0x 5A80 0x 5A84 0x 5A88 0x 5A8C 0x 5A90 0x 5A94 0x 5A98 0x 5A9C 0x 5AA0 0x 5AA4 0x 5AA8 0x 5AAC 0x 5AB0 0x 5AB4 0x 5AB8 0x 5ABC 0x 5AC0 0x 5AC4 0x 5AC8 0x 5ACC 0x 5AD0 0x 5AD4 0x 5AD8 0x 5ADC 0x 5AE0 0x 5AE4 0x 5AE8 0x 5AEC 0x 5AF0 0x 5AF4 0x 5AF8 0x 5AFC 0x 5B00 0x 5B04 0x 5B08 0x 5B0C 0x 5B10 0x 5B14 0x 5B18 0x 5B1C 0x 5B20 0x 5B24 0x 5B28 0x 5B2C 0x 5B30 0x 5B34 0x 5B38 0x 5B3C 0x 5B40 0x 5B44 0x 5B48 0x 5B4C 0x 5B50 0x 5B54 0x 5B58 0x 5B5C 0x 5B60 0x 5B64 0x 5B68 0x 5B6C 0x 5B70 0x 5B74 0x 5B78 0x 5B7C 0x 5B80 0x 5B84 0x 5B88 0x 5B8C 0x 5B90 0x 5B94 0x 5B98 0x 5B9C 0x 5BA0 0x 5BA4 0x 5BA8 0x 5BAC 0x 5BB0 0x 5BB4 0x 5BB8 0x 5BBC 0x 5BC0 0x 5BC4 0x 5BC8 0x 5BCC 0x 5BD0 0x 5BD4 0x 5BD8 0x 5BDC 0x 5BE0 0x 5BE4 0x 5BE8 0x 5BEC 0x 5BF0 0x 5BF4 0x 5BF8 0x 5BFC 0x DF0 0x 5C04 0x 5C08 0x 5C0C 0x 5C10 0x 5C14 0x 5C18 0x 5C1C 0x 5C20 0x 5C24 0x 5C28 0x 5C2C 0x 5C30 0x 5C34 0x 5C38 0x 5C3C 0x 5C40 0x 5C44 0x 5C48 0x 5C4C 0x 5C50 0x 5C54 0x 5C58 0x 5C5C 0x 5C60 0x 5C64 0x 5C68 0x 5C6C 0x 5C70 0x 5C74 0x 5C78 0x 5C7C 0x 5C80 0x 5C84 0x 5C88 0x 5C8C 0x 5C90 0x 5C94 0x 5C98 0x 5C9C 0x 5CA0 0x 5CA4 0x 5CA8 0x 5CAC 0x 5CB0 0x 5CB4 0x 5CB8 0x 5CBC 0x 5CC0 0x 5CC4 0x 5CC8 0x 5CCC 0x 5CD0 0x 5CD4 0x 5CD8 0x 5CDC 0x 5CE0 0x 5CE4 0x 5CE8 0x 5CEC 0x 5CF0 0x 5CF4 0x 5CF8 0x 5CFC 0x 5D00 0x 5D04 0x 5D08 0x 5D0C 0x 5D10 0x 5D14 0x 5D18 0x 5D1C 0x 5D20 0x 5D24 0x 5D28 0x 5D2C 0x 5D30 0x 5D34 0x 5D38 0x 5D3C 0x 5D40 0x 5D44 0x 5D48 0x 5D4C 0x 5D50 0x 5D54 0x 5D58 0x 5D5C 0x 5D60 0x 5D64 0x 5D68 0x 5D6C 0x 5D70 0x 5D74 0x 5D78 0x 5D7C 0x 5D80 0x 5D84 0x 5D88 0x 5D8C 0x 5D90 0x 5D94 0x 5D98 0x 5D9C 0x 5DA0 0x 5DA4 0x 5DA8 0x 5DAC 0x 5DB0 0x 5DB4 0x 5DB8 0x 5DBC 0x 5DC0 0x 5DC4 0x 5DC8 0x 5DCC 0x 5DD0 0x 5DD4 0x 5DD8 0x 5DDC 0x 5DE0 0x 5DE4 0x 5DE8 0x 5DEC 0x 5DF0 0x 5DF4 0x 5DF8 0x 5DFC 0x 5E00 0x 5E04 0x 5E08 0x 5E0C 0x 5E10 0x 5E14 0x 5E18 0x 5E1C 0x 5E20 0x 5E24 0x 5E28 0x 5E2C 0x 5E30 0x 5E34 0x 5E38 0x 5E3C 0x 5E40 0x 5E44 0x 5E48 0x 5E4C 0x 5E50 0x 5E54 0x 5E58 0x 5E5C 0x 5E60 0x 5E64 0x 5E68 0x 5E6C 0x 5E70 0x 5E74 0x 5E78 0x 5E7C 0x 5E80 0x 5E84 0x 5E88 0x 5E8C 0x 5E90 0x 5E94 0x 5E98 0x 5E9C 0x 5EA0 0x 5EA4 0x 5EA8 0x 5EAC 0x 5EB0 0x 5EB4 0x 5EB8 0x 5EBC 0x 5EC0 0x 5EC4 0x 5EC8 0x 5ECC 0x 5ED0 0x 5ED4 0x 5ED8 0x 5EDC 0x 5EE0 0x 5EE4 0x 5EE8 0x 5EEC 0x 5EF0 0x 5EF4 0x 5EF8 0x 5EFC 0x 5F00 0x 5F04 0x 5F08 0x 5F0C 0x 5F10 0x 5F14 0x 5F18 0x 5F1C 0x 5F20 0x 5F24 0x 5F28 0x 5F2C 0x 5F30 0x 5F34 0x 5F38 0x 5F3C 0x 5F40 0x 5F44 0x 5F48 0x 5F4C 0x 5F50 0x 5F54 0x 5F58 0x 5F5C 0x 5F60 0x 5F64 0x 5F68 0x 5F6C 0x 5F70 0x 5F74 0x 5F78 0x 5F7C 0x 5F80 0x 5F84 0x 5F88 0x 5F8C 0x 5F90 0x 5F94 0x 5F98 0x 5F9C 0x 5FA0 0x 5FA4 0x 5FA8 0x 5FAC 0x 5FB0 0x 5FB4 0x 5FB8 0x 5FBC 0x 5FC0 0x 5FC4 0x 5FC8 0x 5FCC 0x 5FD0 0x 5FD4 0x 5FD8 0x 5FDC 0x 5FE0 0x 5FE4 0x 5FE8 0x 5FEC 0x 5FF0 0x 5FF4 0x 5FF8 0x 5FFC 0x F84 0x 6004 0x 6008 0x 600C 0x 6010 0x 6014 0x 6018 0x 601C 0x 6020 0x 6024 0x 6028 0x 602C 0x 6030 0x 6034 0x 6038 0x 603C 0x 6040 0x 6044 0x 6048 0x 604C 0x 6050 0x 6054 0x 6058 0x 605C 0x 6060 0x 6064 0x 6068 0x 606C 0x 6070 0x 6074 0x 6078 0x 607C 0x 6080 0x 6084 0x 6088 0x 608C 0x 6090 0x 6094 0x 6098 0x 609C 0x 60A0 0x 60A4 0x 60A8 0x 60AC 0x 60B0 0x 60B4 0x 60B8 0x 60BC 0x 60C0 0x 60C4 0x 60C8 0x 60CC 0x 60D0 0x 60D4 0x 60D8 0x 60DC 0x 60E0 0x 60E4 0x 60E8 0x 60EC 0x 60F0 0x 60F4 0x 60F8 0x 60FC 0x 6100 0x 6104 0x 6108 0x 610C 0x 6110 0x 6114 0x 6118 0x 611C 0x 6120 0x 6124 0x 6128 0x 612C 0x 6130 0x 6134 0x 6138 0x 613C 0x 6140 0x 6144 0x 6148 0x 614C 0x 6150 0x 6154 0x 6158 0x 615C 0x 6160 0x 6164 0x 6168 0x 616C 0x 6170 0x 6174 0x 6178 0x 617C 0x 6180 0x 6184 0x 6188 0x 618C 0x 6190 0x 6194 0x 6198 0x 619C 0x 61A0 0x 61A4 0x 61A8 0x 61AC 0x 61B0 0x 61B4 0x 61B8 0x 61BC 0x 61C0 0x 61C4 0x 61C8 0x 61CC 0x 61D0 0x 61D4 0x 61D8 0x 61DC 0x 61E0 0x 61E4 0x 61E8 0x 61EC 0x 61F0 0x 61F4 0x 61F8 0x 61FC 0x 6200 0x 6204 0x 6208 0x 620C 0x 6210 0x 6214 0x 6218 0x 621C 0x 6220 0x 6224 0x 6228 0x 622C 0x 6230 0x 6234 0x 6238 0x 623C 0x 6240 0x 6244 0x 6248 0x 624C 0x 6250 0x 6254 0x 6258 0x 625C 0x 6260 0x 6264 0x 6268 0x 626C 0x 6270 0x 6274 0x 6278 0x 627C 0x 6280 0x 6284 0x 6288 0x 628C 0x 6290 0x 6294 0x 6298 0x 629C 0x 62A0 0x 62A4 0x 62A8 0x 62AC 0x 62B0 0x 62B4 0x 62B8 0x 62C0 0x 62C4 0x 62C8 0x 62CC 0x 62D0 0x 62D4 0x 62D8 0x 62DC 0x 62E0 0x 62E4 0x 62E8 0x 62EC 0x 62F0 0x 62F4 0x 62F8 0x 62FC 0x 6300 0x 6304 0x 6308 0x 630C 0x 6310 0x 6314 0x 6318 0x 631C 0x 6320 0x 6324 0x 6328 0x 632C 0x 6330 0x 6334 0x 6338 0x 633C 0x 6340 0x 6344 0x 6348 0x 634C 0x 6350 0x 6354 0x 6358 0x 635C 0x 6360 0x 6364 0x 6368 0x 636C 0x 6370 0x 6374 0x 6378 0x 637C 0x 6380 0x 6384 0x 6388 0x 638C 0x 6390 0x 6394 0x 6398 0x 639C 0x 63A0 0x 63A4 0x 63A8 0x 63AC 0x 63B0 0x 63B4 0x 63B8 0x 63BC 0x 63C0 0x 63C4 0x 63C8 0x 63CC 0x 63D0 0x 63D4 0x 63D8 0x 63DC 0x 63E0 0x 63E4 0x 63E8 0x 63EC 0x 63F0 0x 63F4 0x 63F8 0x 63FC 0x F7C 0x F9C 0x D8C 0x 6404 0x 6408 0x 640C 0x 6410 0x 6414 0x 6418 0x 641C 0x 6420 0x 6424 0x 6428 0x 642C 0x 6430 0x 6434 0x 6438 0x 643C 0x 6440 0x 6444 0x 6448 0x 644C 0x 6450 0x 6454 0x 6458 0x 645C 0x 6460 0x 6464 0x 6468 0x 646C 0x 6470 0x 6474 0x 6478 0x 647C 0x 6480 0x 6484 0x 6488 0x 648C 0x 6490 0x 6494 0x 6498 0x 649C 0x 64A0 0x 64A4 0x 64A8 0x 64AC 0x 64B0 0x 64B4 0x 64B8 0x 64BC 0x 64C0 0x 64C4 0x 64C8 0x 64CC 0x 64D0 0x 64D4 0x 64D8 0x 64DC 0x 64E0 0x 64E4 0x 64E8 0x 64EC 0x 64F0 0x 64F4 0x 64F8 0x 64FC 0x 6500 0x 6504 0x 6508 0x 650C 0x 6510 0x 6514 0x 6518 0x 651C 0x 6520 0x 6524 0x 6528 0x 652C 0x 6530 0x 6534 0x 6538 0x 653C 0x 6540 0x 6544 0x 6548 0x 654C 0x 6550 0x 6554 0x 6558 0x 655C 0x 6560 0x 6564 0x 6568 0x 656C 0x 6570 0x 6574 0x 6578 0x 657C 0x 6580 0x 6584 0x 6588 0x 658C 0x 6590 0x 6594 0x 6598 0x 659C 0x 65A0 0x 65A4 0x 65A8 0x 65AC 0x 65B0 0x 65B4 0x 65B8 0x 65BC 0x 65C0 0x 65C4 0x 65C8 0x 65CC 0x 65D0 0x 65D4 0x 65D8 0x 65DC 0x 65E0 0x 65E4 0x 65E8 0x 65EC 0x 65F0 0x 65F4 0x 65F8 0x 65FC 0x 6600 0x 6604 0x 6608 0x 660C 0x 6610 0x 6614 0x 6618 0x 661C 0x 6620 0x 6624 0x 6628 0x 662C 0x 6630 0x 6634 0x 6638 0x 663C 0x 6640 0x 6644 0x 6648 0x 664C 0x 6650 0x 6654 0x 6658 0x 665C 0x 6660 0x 6664 0x 6668 0x 666C 0x 6670 0x 6674 0x 6678 0x 667C 0x 6680 0x 6684 0x 6688 0x 668C 0x 6690 0x 6694 0x 6698 0x 669C 0x 66A0 0x 66A4 0x 66A8 0x 66AC 0x 66B0 0x 66B4 0x 66B8 0x 66BC 0x 66C0 0x 66C4 0x 66C8 0x 66CC 0x 66D0 0x 66D4 0x 66D8 0x 66DC 0x 66E0 0x 66E4 0x 66E8 0x 66EC 0x 66F0 0x 66F4 0x 66F8 0x 66FC 0x 6700 0x 6704 0x 6708 0x 670C 0x 6710 0x 6714 0x 6718 0x 671C 0x 6720 0x 6724 0x 6728 0x 672C 0x 6730 0x 6734 0x 6738 0x 673C 0x 6740 0x 6744 0x 6748 0x 674C 0x 6750 0x 6754 0x 6758 0x 675C 0x 6760 0x 6764 0x 6768 0x 676C 0x 6770 0x 6774 0x 6778 0x 677C 0x 6780 0x 6784 0x 6788 0x 678C 0x 6790 0x 6794 0x 6798 0x 679C 0x 67A0 0x 67A4 0x 67A8 0x 67AC 0x 67B0 0x 67B4 0x 67B8 0x 67BC 0x 67C0 0x 67C4 0x 67C8 0x 67CC 0x 67D0 0x 67D4 0x 67D8 0x 67DC 0x 67E0 0x 67E4 0x 67E8 0x 67EC 0x 67F0 0x 67F4 0x 67F8 0x 67FC 0x DA4 0x F98 0x 1090 0x F14 0x F90 0x DC0 0x 6C8 0x E0C 0x 6804 0x 6808 0x 680C 0x 6810 0x 6814 0x 6818 0x 681C 0x 6820 0x 6824 0x 6828 0x 682C 0x 6830 0x 6834 0x 6838 0x 683C 0x 6840 0x 6844 0x 6848 0x 684C 0x 6850 0x 6854 0x 6858 0x 685C 0x 6860 0x 6864 0x 6868 0x 686C 0x 6870 0x 6874 0x 6878 0x 687C 0x 6880 0x 6884 0x 6888 0x 688C 0x 6890 0x 6894 0x 6898 0x 689C 0x 68A0 0x 68A4 0x 68A8 0x 68AC 0x 68B0 0x 68B4 0x 68B8 0x 68BC 0x 68C0 0x 68C4 0x 68C8 0x 68CC 0x 68D0 0x 68D4 0x 68D8 0x 68DC 0x 68E0 0x 68E4 0x 68E8 0x 68EC 0x 68F0 0x 68F4 0x 68F8 0x 68FC 0x 6900 0x 6904 0x 6908 0x 690C 0x 6910 0x 6914 0x 6918 0x 691C 0x 6920 0x 6924 0x 6928 0x 692C 0x 6930 0x 6934 0x 6938 0x 693C 0x 6940 0x 6944 0x 6948 0x 694C 0x 6950 0x 6954 0x 6958 0x 695C 0x 6960 0x 6964 0x 6968 0x 696C 0x 6970 0x 6974 0x 6978 0x 697C 0x 6980 0x 6984 0x 6988 0x 698C 0x 6990 0x 6994 0x 6998 0x 699C 0x 69A0 0x 69A4 0x 69A8 0x 69AC 0x 69B0 0x 69B4 0x 69B8 0x 69BC 0x 69C0 0x 69C4 0x 69C8 0x 69CC 0x 69D0 0x 69D4 0x 69D8 0x 69DC 0x 69E0 0x 69E4 0x 69E8 0x 69EC 0x 69F0 0x 69F4 0x 69F8 0x 69FC 0x 6A00 0x 6A04 0x 6A08 0x 6A0C 0x 6A10 0x 6A14 0x 6A18 0x 6A1C 0x 6A20 0x 6A24 0x 6A28 0x 6A2C 0x 6A30 0x 6A34 0x 6A38 0x 6A3C 0x 6A40 0x 6A44 0x 6A48 0x 6A4C 0x 6A50 0x 6A54 0x 6A58 0x 6A5C 0x 6A60 0x 6A64 0x 6A68 0x 6A6C 0x 6A70 0x 6A74 0x 6A78 0x 6A7C 0x 6A80 0x 6A84 0x 6A88 0x 6A8C 0x 6A90 0x 6A94 0x 6A98 0x 6A9C 0x 6AA0 0x 6AA4 0x 6AA8 0x 6AAC 0x 6AB0 0x 6AB4 0x 6AB8 0x 6ABC 0x 6AC0 0x 6AC4 0x 6AC8 0x 6ACC 0x 6AD0 0x 6AD4 0x 6AD8 0x 6ADC 0x 6AE0 0x 6AE4 0x 6AE8 0x 6AEC 0x 6AF0 0x 6AF4 0x 6AF8 0x 6AFC 0x 6B00 0x 6B04 0x 6B08 0x 6B0C 0x 6B10 0x 6B14 0x 6B18 0x 6B1C 0x 6B20 0x 6B24 0x 6B28 0x 6B2C 0x 6B30 0x 6B34 0x 6B38 0x 6B3C 0x 6B40 0x 6B44 0x 6B48 0x 6B4C 0x 6B50 0x 6B54 0x 6B58 0x 6B5C 0x 6B60 0x 6B64 0x 6B68 0x 6B6C 0x 6B70 0x 6B74 0x 6B78 0x 6B7C 0x 6B80 0x 6B84 0x 6B88 0x 6B8C 0x 6B90 0x 6B94 0x 6B98 0x 6B9C 0x 6BA0 0x 6BA4 0x 6BA8 0x 6BAC 0x 6BB0 0x 6BB4 0x 6BB8 0x 6BBC 0x 6BC0 0x 6BC4 0x 6BC8 0x 6BCC 0x 6BD0 0x 6BD4 0x 6BD8 0x 6BDC 0x 6BE0 0x 6BE4 0x 6BE8 0x 6BEC 0x 6BF0 0x 6BF4 0x 6BF8 0x 6BFC 0x 6C04 0x 6C08 0x 6C0C 0x 6C10 0x 6C14 0x 6C18 0x 6C1C 0x 6C20 0x 6C24 0x 6C28 0x 6C2C 0x 6C30 0x 6C34 0x 6C38 0x 6C3C 0x 6C40 0x 6C44 0x 6C48 0x 6C4C 0x 6C50 0x 6C54 0x 6C58 0x 6C5C 0x 6C60 0x 6C64 0x 6C68 0x 6C6C 0x 6C70 0x 6C74 0x 6C78 0x 6C7C 0x 6C80 0x 6C84 0x 6C88 0x 6C8C 0x 6C90 0x 6C94 0x 6C98 0x 6C9C 0x 6CA0 0x 6CA4 0x 6CA8 0x 6CAC 0x 6CB0 0x 6CB4 0x 6CB8 0x 6CBC 0x 6CC0 0x 6CC4 0x 6CC8 0x 6CCC 0x 6CD0 0x 6CD4 0x 6CD8 0x 6CDC 0x 6CE0 0x 6CE4 0x 6CE8 0x 6CEC 0x 6CF0 0x 6CF4 0x 6CF8 0x 6CFC 0x 6D00 0x 6D04 0x 6D08 0x 6D0C 0x 6D10 0x 6D14 0x 6D18 0x 6D1C 0x 6D20 0x 6D24 0x 6D28 0x 6D2C 0x 6D30 0x 6D34 0x 6D38 0x 6D3C 0x 6D40 0x 6D44 0x 6D48 0x 6D4C 0x 6D50 0x 6D54

Memory Dumps

Name	Start VA	End VA	Dump Reason	PE Rebuilds	Bitness	Entry Points	AV	YARA	Actions
buffer	0x7FF7F2C60000	0x7FF7F2FEDFFF	First Execution	-	64-bit	0x7FF7F2C63A30, 0x7FF7F2C64560, ...			... Region Actions Download Dump Go to AV Match
sihost.exe	0x7FF751860000	0x7FF751876FFF	Relevant Image	-	64-bit	-			... Region Actions Download Dump

Injection Information

Injection Type	Source Process	Source Os Thread ID	Information	Success	Count	Logfile
Modify Memory	#1: c:\users\fd1hvy\desktop\dfylx.exe	0xda4	address = 0x7ff7f2c60000, size = 3727360		1	Fn Data
Create Remote Thread	#1: c:\users\fd1hvy\desktop\dfylx.exe	0xda4	address = 0x7ff7f2c61ad0		1	Fn

Dropped Files

Filename	File Size	Hash Values	YARA Match	Actions
c:\programdata\microsoft\crypto\rsa\machinekeys\08e575673cce10c72090304839888e02_33d770d0-06bc-47c5-8714-222cdac43a71	52 bytes	MD5: 93a5aadeec082ffc1bca5aa27af70f52 SHA1: 47a92aee3ea4d1c1954ed4da9f86dd79d9277d31 SHA256: a1a21799e98f97f271657ce656076f33dcb020d9370f1f2671d783cafd230294 SSDeep: 3:/lE7L6N:+L6N		... File Actions Show Properties Download
C:\$GetCurrent\RyukReadMe.txt	804 bytes	MD5: cd99cba6153cbc0b14b7a849e4d0180f SHA1: 375961866404a705916cbc6cd4915de7d9778923 SHA256: 74c43a177917b1d57ea2eaf6212ccf3b9012b4d68bc45284349443eed0bf5ee2 SSDeep: 24:iVezHysv9F2Ob/87gPsoU3gMqvKHHLb1+y3RhXYKPgnYsn:xzSsv9FjxFiH0ijPgnYs		... File Actions Show Properties Download

Modified Files

Filename	File Size	Hash Values	Actions
C:\$GetCurrent\SafeOS\preoobe.cmd	354 bytes	MD5: e520ef5728ec9a96ce113475fd665cf1 SHA1: a546c3c22bdbbf797f93951f41595e78185268e0 SHA256: fefb89b52cd8ac841812c9397933c150ed44faaf5c379fbf19faf1e1eec349ae SSDeep: 6:E0XmbyCTbNZ1pzdPmxYVa6B6OA8DEpJ6eB1DBuJ15QAU/fLp63CLQSCmKx+Rxqn:EIsyE7xPmka6BfA8DEpseB1DBWUAUV6Z	... File Actions Show Properties Download
C:\588bce7c90097ed212\1025\LocalizedData.xml	72.75 KB	MD5: 90851565f15349f22e9e867ccb2f7ff3 SHA1: 0e03da5382b1b17fea8e838a65dd37b2bef7b96d SHA256: 58aef53464fe58f1a2452a5b9662269c791d214cbe9b88966d0304af3f26680d SSDeep: 1536:MagM9rXW2DFsc31Ysvq/vvE5rkFvBoJR5ZSTdqBFKzZb6WnNUQcvOPJG4y:MFM9rHDh1rvqPHNSJDoT+GbNy9	... File Actions Show Properties Download
C:\588bce7c90097ed212\1029\eula.rtf	3.91 KB	MD5: 7664e7d3746f9431f9fc95f07db110ab SHA1: 9863653d1006e5b08b5ebcb0ef6bd6db22450920 SHA256: c8fedccde510510080ad22c8cb546d4c88b8879d4115926f112f88a5acebbb82 SSDeep: 96:FSKkQHJZs2SMydGvJOyRa7kzGpLtSXC9lQpn7298w:XJW29OGvJOy6kzGpWqQpn7298w	... File Actions Show Properties Download
C:\588bce7c90097ed212\1028\LocalizedData.xml	59.67 KB	MD5: 767160241d933110f0f0a48558cf519c SHA1: 4248928ab88fb087ad80488716555959809097ff SHA256: 9464fea4074771ad8fe9ece0bf5f873277742f00d5cf7cbd16a909b13897bf55 SSDeep: 1536:vmStC2W/YFHA288VkPU7JkpSVYMHAD4nEqLgCtHQ1C2NjLDO/y9V:vmUy2A2LVJkAVXEqLguw1C25Sq9V	... File Actions Show Properties Download
C:\588bce7c90097ed212\1031\LocalizedData.xml	80.69 KB	MD5: f628e67c7d136ecd6837d785e2de927c SHA1: fe68f304b885b46a7b60df303c9efc6988b85c0c SHA256: fcd3765b3f2901f078db5a82e9392018ca96ec370a8b3466c10ccdf8807049c0 SSDeep: 1536:sTZygi0l0z6tqgagIDBQMz/S+vaubZ1ZaXMe9RzKYQV:sTZyjZy4DBHTN9bZ1SRVKYQV	... File Actions Show Properties Download
C:\588bce7c90097ed212\1040\eula.rtf	3.83 KB	MD5: 1471cac8e82c40a3c577e19888eaf875 SHA1: 9aa7009857f2dd7f79f8a650aa11123da9f777ce SHA256: 06dc471350f6976d52edcc1858828a8e9a963f48ed2385a36f6ce5ae93b2d75b SSDeep: 96:da1RYF183585d6pX1x6+XgeGT3A++/5WG6QG8+QZcuRwxJ57aoI:dY4P54R6+XIbm/5WGdjwJNI	... File Actions Show Properties Download
C:\588bce7c90097ed212\1038\eula.rtf	4.42 KB	MD5: 9b7571594c0a289f274bbbec4458e3e9 SHA1: 1e83b8b5e0e8b5790a391f8b88712b4c54bab071 SHA256: 56b68bf1438b5d7d9dfdf7e5ece1956ab983903e70fcec7b2d55cf42336bcf09 SSDeep: 96:jmzTEkI4n5PW1yZwOnWh7KIhmdCeZFA5JW7YHmQS8vEm63kcgJG+lC:On5PW8Ih7fhCfLYHmj8cb3qplC	... File Actions Show Properties Download
C:\588bce7c90097ed212\1037\eula.rtf	6.97 KB	MD5: 69e3658475ec62299257f871bd697b52 SHA1: 7b66ccf918e3ba9060dd816af70f3306ead5efea SHA256: 06c9071e540c18a7aca449f77131f61aec0473d07ec7b2233a72265ce7b1322d SSDeep: 96:9oavXzKzcid6NVNvbJzopZi2M3eQr2u7JCjRvNozrjK52sbFHmZgwH:9oqjjNVNvFoN/cTKx0X	... File Actions Show Properties Download
C:\588bce7c90097ed212\1053\eula.rtf	4.05 KB	MD5: 0f913d57b005f9c196a27bfd6a1d7327 SHA1: 4cfdb91c2291376d2a6a6cd4e8e466363f25b3d6 SHA256: 62b21b730181de9f3e1480865317d4c8ea0a27855f88842da6746ce8981ae02b SSDeep: 96:bvY7eO6HH0Pwli5qNtDmEw9SU3+cDbJbEPinsMRLFLZ:bA7a0P2DqwWbEadJLZ	... File Actions Show Properties Download
C:\588bce7c90097ed212\2070\eula.rtf	4.19 KB	MD5: 036e8888c1610ae696392b1108066d2d SHA1: 3ec6033729af50b4ec69bbeaadf7909a6d3c07ad SHA256: 25823837fd693979f75c797eae27569fafe515764a5d9113d41f40cd7d6558c9 SSDeep: 96:1GMeiYL8us4EGr+228D2aWwnCVWgzutRLK//k/o9LaOF:kM4L8u5rd2a2gnXtRLLa+O	... File Actions Show Properties Download
C:\588bce7c90097ed212\Graphics\Rotate2.ico	1.14 KB	MD5: 8a307dac99e93004c6d16073c2be2f31 SHA1: 445bafc9f4d0a82542b22cd98551af055e7b654f SHA256: 367b8499f33255ae1dd7146aff502095ecfa09597202f7949b22a0c292a0c730 SSDeep: 24:mLjAk4I2vCWLVs5JvnSujV1PO+orE1v658y748SQ/21al:0U/IRWR4xSuRlOuQ5L0Djw	... File Actions Show Properties Download
C:\588bce7c90097ed212\DHtmlHeader.html	16.02 KB	MD5: a55ebcc958a5e50beba316ab19a491e8 SHA1: 8133a1e2a11bd732b606b3aff2cffd45f0d2014f SHA256: 90ed7f619fdc095639e129bff7d02a174e743c4704092f29f3b05b51fdb49afa SSDeep: 384:5/Dhko4vTeC0nNnZPM8WVh//f2tEbRid1hhke0cACvTYgE1:thkoE3knS8E/HlbRiPhhk5cACrVE1	... File Actions Show Properties Download
C:\588bce7c90097ed212\Graphics\Save.ico	1.39 KB	MD5: 3770200e7784c6462a5ccfc53f67e19c SHA1: f4e868aa38f4f655b11886919a2dea61b14d8442 SHA256: 08bcde2101ba9b947d8c2b428276ce1d0ce5ec2c4249096b8efcc64d5c83b121 SSDeep: 24:iR3sXTi7zsm1Hsg84WcFsZfJkI7jNKDcgdzEftrNmcf9S0jRpESznoX/dxpGP:ilsmF514RkI7jNhftxf9S04XBGP	... File Actions Show Properties Download
C:\588bce7c90097ed212\Graphics\SysReqMet.ico	1.39 KB	MD5: ee8fab1a384b2ced62f5c2df7fa19d80 SHA1: 54cec55a59c27200d7db0cdf0c9fa8416449076c SHA256: ce1ac1e4d7a518204162af21013cd202a87ad956ca093633f68f838704fc0dfa SSDeep: 24:rP2X3uWClNp7q2kLV1lLaf46I+T23GtiOtHfurbcE+zJkNkw5Uui:fp7q2kLVGfJI+T25O5fuPIckw5Ut	... File Actions Show Properties Download
C:\588bce7c90097ed212\ParameterInfo.xml	265.94 KB	MD5: dc44f2e75a1d98529dc36b79562cbdd9 SHA1: 18c48960b929f7476000ed893a1d094dc6ac878b SHA256: 7db6a4c35d156b533039bf4b8c715dd7f18c9786b850544dde2ea9e67ea26661 SSDeep: 6144:cdGc7nz3pVgn74ajVeA9d8hhES/K0Hj55a:cDbz3pVgn746Xb8h+P	... File Actions Show Properties Download
C:\588bce7c90097ed212\RGB9Rast_x86.msi	92.78 KB	MD5: 63237301ca9094ef2be45cf073a50e0c SHA1: df30b56ed24ba93d7b089afcea93e77c295ee83d SHA256: 981169a3306aa9febb0d7b9062a8b211594ee5e55db6073238455c8ddfac8a02 SSDeep: 1536:k7t18gubTUntFUnKxuwGi12oG+tyBaCf1tElxaMHQs5SryFbgZgg4H:blntKxR2207f15MHQs5S8gZgg4H	... File Actions Show Properties Download
C:\588bce7c90097ed212\SetupUi.xsd	29.69 KB	MD5: 5caecee36f26433c229ca71627d268fc SHA1: a4c7e2467da4641ff6eadc0b996b89c92e31d9a7 SHA256: cd94e84ba09e8984f6052d3ea8e0bdfe2fb69883de18e9625d86492f01c983ce SSDeep: 768:ZQSlL0evlZCqml54uLoJgQruMstwl1Cyz2uyPxd0if5ju76rPhd2:ZQSlLJWbtLv9tyLzuPxd0if5ju7l	... File Actions Show Properties Download
C:\588bce7c90097ed212\watermark.bmp	101.91 KB	MD5: f880d456a13a11a01f1f0a85d81d31cb SHA1: fa7af5a94299c1318ad22dd98f9e92ed5696aa70 SHA256: ecf252934b51199e8f75ac36086b555edd8896a9f7bcc917ff2072d9d3eeddba SSDeep: 1536:E5sWImTbak4hVOUGW1dCeBGshRiPcADmZMm4/CGeiYvLZHk5wnS0mrtET8MawGs:E5sZubDuC6hR9AvhhSvN88S0ntxGs	... File Actions Show Properties Download
C:\Logs\Internet Explorer.evtx	68.28 KB	MD5: 6c0826857b8b7978c18dff8d2e007631 SHA1: 4e461e7f4994d655ebce825ee218a1a1e15fd611 SHA256: 46affcf691af809ce0277afaeb28a613ff67d9cd5877663123a4192c36b5a2e2 SSDeep: 1536:OblDZEamB6iTJtyYiZOA4INRcnw6Ofm+tio30vU8vsrmo1PT3:SDCa5EEP4INRcufm+tkv8Ko1P7	... File Actions Show Properties Download
C:\$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log	6.14 KB	MD5: 62417b82e38da06fbcc01e1b0fc0e823 SHA1: 165fce8fc3dce5146e1d9130aa89e94139b0220f SHA256: 9d39e842727ff3608b7f0bef65c05376756c725803c72ece5de6ceeaff81f064 SSDeep: 96:/o2FSxvkNSAqYaROkmd5XYae4DsDqTJsVI+yHyjKnlNtbcAjUt+LHF3r/Gy57Hmp:DAAqYwLHK6VINtlnXw+JpDrUL	... File Actions Show Properties Download
C:\$GetCurrent\SafeOS\PartnerSetupComplete.cmd	866 bytes	MD5: b8350b4cf9d8578888af3a4f18984b70 SHA1: b1c9309d46f2d7d8f1a5b775777d516e5c35f1bf SHA256: da2bcfcc0a177666e08afff83d780e07699b8ff9e8e74f6833692ef1487bab22 SSDeep: 12:PeBfdLWRP07e77tlheiXyfwkPrRyO6d+6Lx8/9poiZpi4NxuBfe3JW0d+6UtfbEV:P2dLWRP4q4iAyOKturo0RNT00c6UtgBh	... File Actions Show Properties Download
C:\$GetCurrent\SafeOS\SetupComplete.cmd	594 bytes	MD5: ec16466493a84858cc288225b4d4da80 SHA1: 33f8aa50789d38254e821840f2c16780717d77b7 SHA256: 67b1886fd1dee55de36ecbe34e2561f13095b83014eacd1ff008193aa3a6a668 SSDeep: 12:PjgcAUlMrEmh3wvooZbwmJ2AkVn8/PTrqXv1ZX+L9ot3n:nAU6ZhR6bwm4AHy3XW9ot3n	... File Actions Show Properties Download
C:\$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log	41.96 KB	MD5: b3813738ebf0fd11ab5b3ddd780ab0e0 SHA1: 0d284148b0c14aba6e8f2e397017a5efcae96330 SHA256: 491d80a9d6158f425242786c5953761056774ab8118a56df0929a632f185c0cd SSDeep: 768:WLuihYnXFrTVFltYAIspChtUn1dj6eiSiAe2X8w6Y3Q2P7d0dYH4p3hUP0L:WLuihY9tUsw2e2X6Y3jQEN0L	... File Actions Show Properties Download
C:\$GetCurrent\Logs\PartnerSetupCompleteResult.log	322 bytes	MD5: 553bae5835f402a34e87a5d419042f5b SHA1: e50388d3fea13c1d33c292c26b8d04cd1715fc1e SHA256: 9e579642625d68168706868a7f79e8085a0f17f48e332100b7b6d05492269181 SSDeep: 6:vVpNIYoTxNllwG8NljEsewFihkwX6GJqatV7+OgVfLdO5fV8KXf+BgSoN:v/Ntg8G8N5EsePr6in7gVfLdUfL0+N	... File Actions Show Properties Download
C:\588bce7c90097ed212\1025\eula.rtf	7.66 KB	MD5: b3613e507b36ce2f11356037addcae1e SHA1: 60832f2bbeac9dd6cb9738fda58191521a46f976 SHA256: f835e8d2f1c461f8d6cd2821863cf962cd3521d9a8304c2e85891fb94ad8f5e1 SSDeep: 192:3qhn9gmGqL7dvRO+Z5UH/88KDYVRG+q+vaAy:3qdKLmhvd5OoYVdqmQ	... File Actions Show Properties Download
C:\588bce7c90097ed212\1028\eula.rtf	6.44 KB	MD5: cdf738495eb714d29bd6e35f855e5050 SHA1: f3b43891530369d4f3fca2dec876f5f7f9bc6bcd SHA256: 849288e153cfeb5e4d5bb69a657edd0366e6f7a5923c277d7be11312b1aa357d SSDeep: 96:EyZ+5rozd0GWnYoL4rWfIc0qSWGnU1WAGpOKQo7/mgKlS3P8d2qSPGln/czFsIi6:Goybp6qCvD4dwIY/D5P6n/JFSV	... File Actions Show Properties Download
C:\588bce7c90097ed212\1029\LocalizedData.xml	79.35 KB	MD5: 9f35b0d0e878ef9b64e31ee4a98267b1 SHA1: 927101989421b6ce012412419769daf8ea4c1963 SHA256: 2b5a62eceb936a3294f42bfe11ca700501e772023c39baf44cd61c2f558ca70a SSDeep: 1536:oZEai5eLRjr3qKTPzsxtznHoDf5i2IZPZWRIPGZn8sPyAuGFk791EHU2NA:oiaiMLJrZTwjznIbI7WR6YhqAuuk7w0t	... File Actions Show Properties Download
C:\588bce7c90097ed212\1030\eula.rtf	3.52 KB	MD5: 5cc4d297af9ea2130f56342e21ecefba SHA1: ccf35412155c777e6d69fb46de42445d9917da3f SHA256: 1a64cbe9cc753ea00952aa958ec937169d066d3b55fda30a4d1d47d07961cd54 SSDeep: 48:GmZRyvdoE90KV1wc63O/IS9IjwHXZ72rS9nArN0HtpC4tRLT4Fw733RXn0Iz7qje:GSAoE9NVhacZGPrimERR7HRX0ICF/DH4	... File Actions Show Properties Download
C:\588bce7c90097ed212\1031\eula.rtf	3.61 KB	MD5: 7dea2838b17b4409208f5ef8d33d82f1 SHA1: ec8915e0afd8a6c0a2062982f6c226b1777c9af8 SHA256: 670dc09637076cbcbf3bf760fa197ca82f3da1cd00542f451a656d2757f23e8b SSDeep: 96:aVkCDsSU8WB+e4NMvKocEhep4tlt9ajavQz2Xzc:ax2B+e4NMdGp4tc5zx	... File Actions Show Properties Download
C:\588bce7c90097ed212\1030\LocalizedData.xml	76.21 KB	MD5: b441f21a989d5192f3517c7d969e0b1c SHA1: 76a7516d9e7891fcb1ba13c18c0590449ed3eafc SHA256: 0cdb876cd076c6f4bd7ff510a396e6143351027544cd04658750d6e2610ad3a4 SSDeep: 1536:QercUmG2TQUjaVcF2BhsZRg6SdiQT53hr6LBGT4keFTZ2lb:QeIbG2TLjrTZRjSoc9hr6LBGT3eFTZwb	... File Actions Show Properties Download
C:\588bce7c90097ed212\1032\LocalizedData.xml	84.53 KB	MD5: 8902522501dc5564ea171004260a948c SHA1: 30e34342fe4cb5abcba1625b43d93c496e6e7aab SHA256: b0f4890f461b94eba9583183f08bfa2074c6472193675cab4a068067863efd9b SSDeep: 1536:O9gTiXeNXKlSG4Yco7zgBgGtpCoNejEsgRIvM/I2UoRB/1:OpXeUlJco7zMgGtpCHjEsgRIvM/I2Z/1	... File Actions Show Properties Download
C:\588bce7c90097ed212\1032\eula.rtf	8.94 KB	MD5: 96ad98e0f2b014d30974dac3878ebf7b SHA1: a568937503fbe4d8edb448e87d2546871ab9579d SHA256: 3cdf5bec01877002ff00bdf91b5c46f0fe11e4abf55d82e13913d72d6dcd84d2 SSDeep: 192:BbuVlNv+pMnJr96TFAHoe2+QBL+TIsnTn20pW:9uVCanLeyoe2pGnNpW	... File Actions Show Properties Download
C:\588bce7c90097ed212\1035\eula.rtf	3.89 KB	MD5: 4252a8e2307dc3347af31d0c8f9c03af SHA1: 286d02acb1979070d12d113cddb02b39c7ca008b SHA256: eefdb1abf4fad17350ef1834483f098fe542f9258a65aab177e82d5d29232487 SSDeep: 96:YKGcdGL6nS3CbVtey7uDgCUvwqEbmosyUbbg3HSNlNXoGc:RGypLCYKmosyokS/loB	... File Actions Show Properties Download
C:\588bce7c90097ed212\1033\eula.rtf	3.39 KB	MD5: dd1983f11923012788555660876b9f1e SHA1: 3356a02a13ebb351f1f7be4190347d16cada8244 SHA256: 2355ea88daafb4135693c9fcd36def87941581492d42b7e148df58d98af84935 SSDeep: 48:5GBF+TMU3wcg3S033eX48C7+/edfKCgeA5sClVX02qmHkOj0SuvIzjBu:5GB8p3wBeXIK2dCe2EGjxuAz9u	... File Actions Show Properties Download
C:\588bce7c90097ed212\1036\eula.rtf	3.72 KB	MD5: 65a898818f52da2d389d2b02ae055adf SHA1: 369d97b033ce4eff09906bc25dbff9fc6826813d SHA256: aee36799af850582a0b5f4a32ee386d47370cea856a68fb0185edeedb860ef62 SSDeep: 96:bS4i7qc1wBkkWCNvGFsduNCUSSOBndQFm:bti7qX2DCRhijOl	... File Actions Show Properties Download
C:\588bce7c90097ed212\1033\LocalizedData.xml	75.71 KB	MD5: 91c492840e87d1e992e0a9edba85bfa5 SHA1: 9f8f2d22afba41af6164cb2e01a20ae4a7985726 SHA256: b9e3abe86e6d3e84523974a86b8c457da9e4e977e9106589ec257334ce567e80 SSDeep: 1536:gNUdZhmNtuX81weabgFfQu5VgDfy91um2xPAKUqh+awRSEuBkM:gM0NthasJQMVgOhmYKUqhIMpkM	... File Actions Show Properties Download
C:\588bce7c90097ed212\1038\LocalizedData.xml	84.69 KB	MD5: a2e667d7f3feeb32653111dd2702babe SHA1: 5e35f21eb8990540a47eeb3bae680efb44dec8bb SHA256: 24cf68316b24eb9a25dda29cd6b05c197db16523203c38a7ca20556f19ab17ea SSDeep: 1536:cjyC5bB+xPT/MYkaB2bnDy9jp2AJoFA/lLbIdP9qhmyYHlssoqwa3GZEE:cjlbBKPzMYkpbnDWUACKxYPSYH7oqwaU	... File Actions Show Properties Download
C:\588bce7c90097ed212\1037\LocalizedData.xml	70.66 KB	MD5: a59f4cb84aba600c17ddd51ffa04d93c SHA1: ae97a73bc684f71357d9d98388e7f56e22fcf22f SHA256: 56e52bda4e0c535358040d1cf21c230d555d5c13ac6f9b61c84c923cb340ae02 SSDeep: 1536:HIU8ZVdwibfRvGPW00Fg9Mu5/bNtMj+mrQBSQ1vCf:H1ILdv4WFg9VJyzra9Cf	... File Actions Show Properties Download
C:\588bce7c90097ed212\1036\LocalizedData.xml	81.30 KB	MD5: 58d5fa49527b926ed468a026194716ff SHA1: 1e628b57c4550861d0131df2e6952dcafdf6a43e SHA256: 41fbc5c056ae71a1dc647c33ba6fd0b206dbd849a88b3bbbdbd19eb8593963a8 SSDeep: 1536:gkRAjPyPBPk3/F2W/vhlZy0KxYbkGQ4MaMuf3gv9UJ/vFl5zH:3AjPy83/RpfyNYVquf3gv9UJXFzH	... File Actions Show Properties Download
C:\588bce7c90097ed212\1035\LocalizedData.xml	75.49 KB	MD5: b2796ed0ea4eae6dce8fc93422ed9412 SHA1: 6ae42db29ffdd054f175273d78aa0c468f56a65a SHA256: b37f8c7feb38d2199cae2abdde6f1396f53fa3d22e30282c154b4c14eed9c65d SSDeep: 1536:FL2Pv4Osw8T4GL9LQ/R/5SG9LHjdOM1EckW7lrbpZzj7fWrFhE4T1vEp:IPv4Osq62hBd9SnW7dG7Es1S	... File Actions Show Properties Download
C:\588bce7c90097ed212\1040\LocalizedData.xml	78.46 KB	MD5: 5021deb7a831e80d5b3ea7713c79ad75 SHA1: 1a49d95a0e480b444a238b0d64a68e972e21d4db SHA256: 8155b5da4d8297062cb6b19506c559f3987c698f51ae6b868200c9b53fea20ad SSDeep: 1536:e5GDta9wkrDFfgwJORhmwUH1o6NUB6/CsCJwzk1mhRl6czCu8L6dqLh:AGD+1VfgwJOxUV/K6QJvwmJL6dch	... File Actions Show Properties Download
C:\588bce7c90097ed212\1041\eula.rtf	10.16 KB	MD5: 632c706b87f44c8818bde276eaa56543 SHA1: b2ef17d5ccc923de10dfd692748fe6ecb185a195 SHA256: 1631687f9720c223a089199441f1e8fcf368e37e7897c41899b29da9ab1c99ab SSDeep: 192:7IJVc5EIdGvjhCB7oNqhZxVyOu27KuvL3NUj7ZjIciiLL3zyTxX:4cGI9B7oSjUOf723NIc/zi	... File Actions Show Properties Download
C:\588bce7c90097ed212\1041\LocalizedData.xml	66.91 KB	MD5: 5da4ce890d6556bec78cf86cea097acf SHA1: 97abfe3de533fb9a4cc3d2f47fe672a8c907749c SHA256: 54ca7d955ee9ec160170e3dcbcbcebc038596368afa881693b0fca48ca68d133 SSDeep: 1536:ees7T6ROUVx9qOAzyBPzbnWqGNqebHLJVjUzB1yXhNo9CmWDenn:E7GROC6zDqGNh3Jhmkf0vn	... File Actions Show Properties Download
C:\588bce7c90097ed212\1043\eula.rtf	3.74 KB	MD5: 3f6f2f780e118fa330812ba59eda6288 SHA1: f5ccc1cf4c98aa610ebd236d59722ca0c207fec9 SHA256: 9f739f272c91cc90e5e74299c1ed306cf48f665188e8a237d13913b08b87c6d1 SSDeep: 96:tL6HhELkWOkbreZGZi0Qvjripljq3E0yjwMLh:tLYiLkWOk0GXufAlW0H0W	... File Actions Show Properties Download
C:\588bce7c90097ed212\1042\eula.rtf	12.66 KB	MD5: b94a3d3b52de423cc9ccb42be4c998b9 SHA1: 5eb86728db3b41c1f8bade248d360033f142b6af SHA256: 4c45c51155172d94e36f628c5bf9a08daa86ee52c810e6bb7a0d65f19d15e88c SSDeep: 384:ajuiPGb4fk1uT+Kz8TIOA2g4A83TYVbNzw1eHAq:ajpPlc0TXzK7AWA8DYPE1eHAq	... File Actions Show Properties Download
C:\588bce7c90097ed212\1042\LocalizedData.xml	63.99 KB	MD5: 55e5e2d5ce9b93b29712ca568e23b8e6 SHA1: 567c6ebfea5f2174d39da3c8c143337cdbd7e50a SHA256: 1947ff6a8e15679ce7852b54dc95825d28fbf4af388cf678622fe5ecee478d51 SSDeep: 1536:l9o2EDhamVaPxSl4GKXzGgC2NNWV0xdJQxrJYxnz:ItFamqx3G6z2V0xX4rOz	... File Actions Show Properties Download
C:\588bce7c90097ed212\1044\LocalizedData.xml	77.72 KB	MD5: 769caf6279284eb607e943bc71a275e0 SHA1: efed7d3eaf4db52bb194ed7a4abb880b8c01fb4f SHA256: 7c64d53f0edd0b20c38b240d54c041a49c7ba175de63bd44cd845590edcdfb56 SSDeep: 1536:PVgaH7qOgbxtioT4se25XbsQh8DENMVjmY6V2pLqyCvW9MAn:PVgaH+OO0oEW2IzY6kTSsMy	... File Actions Show Properties Download
C:\588bce7c90097ed212\1044\eula.rtf	3.25 KB	MD5: e6c9563c3190a3bc35ceb88e96905988 SHA1: 08184cd25d958aea38a469924e2879f881af140e SHA256: 3a37abb35807a380794581af6a0d456dcaac0615477e34c06af840cc0dbc1507 SSDeep: 96:9rM9HuOcFtFq1/DMUrwU/sfDqnFDB+YTMkIc6js1QZzLo:9GHW7FibjrwVfDeFDwoMkIc6juQu	... File Actions Show Properties Download
C:\588bce7c90097ed212\1043\LocalizedData.xml	78.05 KB	MD5: 24c2c9526f40b8921c8319a42a23d07b SHA1: ddd36da9879164d9509b9a0a2a254fba4d4eb298 SHA256: 52c7e734526358c3e6780dac9ce67e0a99696983b6df99a2ac1521aedaddeef5 SSDeep: 1536:bIa5Me4MuNxW3AnJ8684F1+xkLtR6sg2nenOb2jMk/28Rr1ti:0a5MHjxiAn+A0kLtos/n+824kVRr1Q	... File Actions Show Properties Download
C:\588bce7c90097ed212\1045\eula.rtf	4.22 KB	MD5: ab7b88f5584bc3f0a075674a9067f378 SHA1: b95f5545ac41eeb47142be66d1caa5ab8b8c18a3 SHA256: 0b7e165e52407109bbf3b72a38db29069aa61e7c9252ce36307eeefd6b5c9b5c SSDeep: 96:0xaXJ0SRipuHS8R1OUQ2iyK3AP8VyiCL3Vg3r4xD9Lswx:0apRi0dR1OUMyd4yi63K4xT	... File Actions Show Properties Download
C:\588bce7c90097ed212\1046\eula.rtf	3.88 KB	MD5: 914d139f246dda61ad1c204778bd1010 SHA1: 93a33d4ec5fc1e356c934019afa2899c39fe1b79 SHA256: ef05eb0c4c62cb7f7d4fcc9eecd895f8bb446ea7f7a1fc41a2cc6b50b4acd464 SSDeep: 96:BqAt2moMZE7bWd0v1z7W5yVjCqlLnlLTkRroJ94/I0:BqxmoMZHA1zC4Cundero0A0	... File Actions Show Properties Download
C:\588bce7c90097ed212\1046\LocalizedData.xml	79.13 KB	MD5: b827ce337fcba933c8df0dc1ae346185 SHA1: ba605b75e08a8c6a8727d4fbf6ed653db2d12f3d SHA256: d775b61c7688962bfc9bd93c196a1ada0470d178876f5ff9d730a7c3c53bc16e SSDeep: 1536:p7l+rKiZMsvfacNAm5p5I7YN+UUMS3jy2fbrqj14P8Hxx:phbGqGX5IkN+UUMS3jjATHxx	... File Actions Show Properties Download
C:\588bce7c90097ed212\1045\LocalizedData.xml	80.72 KB	MD5: 7560a4111745c65b6cdaa196bebde1c3 SHA1: b677bc3493cf2f52c2eef77130bdd28f77c25fca SHA256: f750b82242ba1827f5f9a1a0d881fa95d99d7d0e3110f1fa690731cf0fe71bab SSDeep: 1536:Qe+uJlgeQMquBdLA/xeFN8GbC577/B/ck/pfgcW6huVIjBNGF1KvBv:QZQgMwxePKhB/ZC10uVIjWF4pv	... File Actions Show Properties Download
C:\588bce7c90097ed212\1049\LocalizedData.xml	79.85 KB	MD5: 3fd5ab81199ca33690525bff4eeef20f SHA1: 47ffaed4b139868670163bd57ab1188ced7c44fd SHA256: 0b5556aefb4f2b52d7767f7bf2c4724c704d1ad6f056876dc06dc0545ae145d5 SSDeep: 1536:/dmp/hhQDDrPS9krgwAp4J4dAvMzTBw7VAd9twdtzNdTZ9b6JuZoSobsn2qa/:/0/hGfr6ie4J4KvMHa7VAdMzHMSom23	... File Actions Show Properties Download
C:\588bce7c90097ed212\1049\eula.rtf	53.46 KB	MD5: d759f21ee0cdbb86585f1daf491bd082 SHA1: ebf3222e62c6b5ab5ea13a53890b11b0180b19e3 SHA256: 5015523524e829abe0fd67a88f794500708ca68cd8c801bbaecdd69c1f3d3b69 SSDeep: 1536:M7gLW0vYzNBPneK9af5AGgnvRtcliHCjeWTk:M6W0vYTeKQ5Kn5tuj8	... File Actions Show Properties Download
C:\588bce7c90097ed212\1053\LocalizedData.xml	76.14 KB	MD5: 558479109a180a3c47389105692e4dcc SHA1: 4084070c6c451e9b776fa413e56e5785bfe09913 SHA256: 420ececf26e7c011a15d42e09e125ffa7c2249388c7c2a47744a1d189a68984c SSDeep: 1536:fiZ7UHsHxgcWsqfsfpYPHo+fEG+HX6JCnAd6iYnAUHTDlwYfW1qdUVr:apHxEsBpsIAEVXwkE6iYvP7K	... File Actions Show Properties Download
C:\588bce7c90097ed212\1055\eula.rtf	4.05 KB	MD5: e36f5fed89cadb3d198345bde13e8669 SHA1: a0901b3802ebf025ece89b651b640acb9b9a3d01 SHA256: a6dc27515b95240ef515b028a24e55409c61823697fe507a6a9376ea8fa21094 SSDeep: 96:QaX2EvldrkCWP/IwhTf3FmXfd+KPMQdXrbY0kLq1UxKjuju+:v20dzwV3FaprbyLBUuju+	... File Actions Show Properties Download
C:\588bce7c90097ed212\1055\LocalizedData.xml	75.30 KB	MD5: eef784b5608f7ee9438ea2b655720944 SHA1: 9c8176a5c64341fd234ef7dd0122332b449e9a6c SHA256: ad53dd47a12e5fec02dcbcc27d9702f34465534d92ac5d4526cbb98313f5431b SSDeep: 1536:HUvtKiKBMxs+Q8gFwEDYdwgs6ml7Oo/c6QKaAl8E9SfXduOoo:qoDZ8gFwEwAfl7pQKaA5SfUo	... File Actions Show Properties Download
C:\588bce7c90097ed212\2052\eula.rtf	5.97 KB	MD5: e8b5acf832a92f8302beb63a0ca900c5 SHA1: e193eddcf29be3a57acfa443497585ee96cc2de7 SHA256: c7db81bcceb4bb80f0130e238e46e28e023c21de783226d602613cc33e880d88 SSDeep: 96:nN28v/XpgNv4+jXrAN+nE8AEgFGO9h1Eo+Q7lIYfAUZ25Y56uh+9:N28v/cQ+QN+tO+o/7lF4UIO6uh+9	... File Actions Show Properties Download
C:\588bce7c90097ed212\3076\eula.rtf	6.44 KB	MD5: 24bcc46702612b8dc9245ca229281eb9 SHA1: 82ad893699c17a81ef45a4e335f2669a48f93df1 SHA256: 8e4a733f909a3cd3fbf639aa3f196fe20671d15f5e3173f91dd2c776ea22e313 SSDeep: 96:zPqe4P0udpuVXE1k2/tmzwPcWw/bT3SnlfBI9i56kZaTnljA4aWbhJHdul6bCzeC:zi59/Tyw6j7qlZXskZaTnlM4lq6WqCLb	... File Actions Show Properties Download
C:\588bce7c90097ed212\3082\eula.rtf	3.27 KB	MD5: 7eb5d1c50546d378df27c34892444210 SHA1: 476324dff4565c8f69c118c23368ac73996a491a SHA256: 04892bbc3847933e2f8d1314dab3f6e119b5700f86a28b3a4118b7c8d4601428 SSDeep: 96:rjBkJSJwTzSJJMA3CFWLxufFSPYaS+4gZoG9I0dp6AnAvk0Q:nBkJS42JMA3QWLx2FSogWGvdp6TMn	... File Actions Show Properties Download
C:\588bce7c90097ed212\2052\LocalizedData.xml	59.53 KB	MD5: 745dd6c8fb53c4e8437ffb3b3a56f57a SHA1: 7ee91f82e5ddeb26eba2494fca683c53c469920b SHA256: 1138d6c0773de33993f768c25ffda3efa502b00bc860c1d57cffedf54885c8af SSDeep: 1536:hr+GJYUwcScQdk9kT8xokf9Vtk4iH0JLznP:tYUdQdKC4iHM/P	... File Actions Show Properties Download
C:\588bce7c90097ed212\3076\LocalizedData.xml	59.67 KB	MD5: f269ed996c2ff8162c4e50813a1e09e6 SHA1: b2779a20156e1fdfa52f433f84a15308511ac96b SHA256: 90070c0f3a9e6e04e37fd6cef00a807f857ef16b3628938cb0222ac9a940d310 SSDeep: 1536:yTtApR3cFNPEKt1biR1PJkoeBwweacQxLKOKmkEv:Mx2Puo1CKO/v	... File Actions Show Properties Download
C:\588bce7c90097ed212\2070\LocalizedData.xml	78.64 KB	MD5: a158463030b739b1cdff64624d2e4b5f SHA1: 0e925902be657209f341a99a99d8bb0959edf8ca SHA256: 5434179fc29c15d350ed36c8650ffa7685ab9068fcf9e9756e415bc668bb833b SSDeep: 1536:4gLxya5lkct66w+Og/qQLyiA3kaSPg/Y+uC8E5Fdq4NQ7MZIXjMdVttsb5:4gVygS6w+V/qQL+KaPZQAZIXIXS	... File Actions Show Properties Download
C:\588bce7c90097ed212\3082\LocalizedData.xml	78.39 KB	MD5: f3eb90af23e856aab758f802964e1205 SHA1: 3630410f19ae706d7515361f370e1cf9f4796bb9 SHA256: c4e23f58fd42a6c257a824458b1dea078a9da87bcd81a42872086cf6446e5f52 SSDeep: 1536:wFS+LcjmEGWm75+pC4UdTI77hWURPQuCviXU2eBDLwPbcM1iL4y/KEkhFkv:w4xjhTpC4Uc7hWURPQIXciJmKDyv	... File Actions Show Properties Download
C:\588bce7c90097ed212\Client\Parameterinfo.xml	197.35 KB	MD5: 8a13be662c9a6659a4d330652b8da272 SHA1: 2195155fd99de270d472d8438cb9481b05b84755 SHA256: 160f7cbd3c7046a79dc3c9354b82702f5f3bb86861cf746e01b29a9a3703ef3f SSDeep: 6144:9bKokZI38G0/QnwX+g6iurSLnfn5lanH2yOW:9WoIIMDMi+g6iurQxl4MW	... File Actions Show Properties Download
C:\588bce7c90097ed212\Graphics\Print.ico	1.39 KB	MD5: e3e76e351b0b2a6c2927c2782653912c SHA1: 93a9ab4a4aebd55f03008804704863854ee81b15 SHA256: 3d2cdf6931f7479ce25d277e39dde2e72ac67ea1607d00588a0d911b3e5e6a60 SSDeep: 24:o1KRbMX3aZZ+uhxW7Xly4bCdVeDbjxI/IgC6OEWUrBHyRzJ7:o1sbM4ZXfkadgbFI/rmE65	... File Actions Show Properties Download
C:\588bce7c90097ed212\Graphics\Rotate1.ico	1.14 KB	MD5: 8587cc64d738022737e63b5c95f8585b SHA1: e52aa123439a923e142e71f852c432c704ffdc91 SHA256: 535c2d95ae35275522451435c1d3f48aff93a5adf457e21ead8e1a22a333cee5 SSDeep: 24:0IM2MKsQE1QlTMEwYLGOpGeO9nLf1uErK+Fu5+upx2L:0PKsZBiarB9nQErK+FRL	... File Actions Show Properties Download
C:\588bce7c90097ed212\Extended\Parameterinfo.xml	91.41 KB	MD5: ca6e32b5d58830b6ef4ef403719f2e8a SHA1: bde19ff5d311f4a0430c2e85cff355938b52588f SHA256: 2214673b9502db36fb0fced5c013b53755f0db006f645b2d36658e46396da2c2 SSDeep: 1536:MyN+m0a/boXrKeSaBq9nP1V6gmSfm9E9mj466zIow68Uvzmaqn5WCyvgznDdrCw:am0TrDB+GSfiVs6HJOKPEgznUw	... File Actions Show Properties Download
C:\588bce7c90097ed212\Client\UiInfo.xml	38.41 KB	MD5: 5e46526e44db128f423020b73f9086fc SHA1: d3dd0663d0ee459696a2fa86637bd48964ff44c3 SHA256: 2e50b9057be7e363ac20097af3b9b0c951c21ae49d7f98f310d1a615012d4864 SSDeep: 768:0pkOvYHfHM/6ewRMCcu4ZMtIitilNuld0n+bNmV5DBBx+wxS:NOWfHMSewR7P7f0lNuMn+RmV5fXS	... File Actions Show Properties Download
C:\588bce7c90097ed212\DisplayIcon.ico	86.74 KB	MD5: 660c80c0e7805fdeea307a49dd8cce37 SHA1: 9053f02f400a390080a71b9b326110499fcebec2 SHA256: 5a5414cd18f8d0f9655df3a4db84517529fdfffab1ca85ad622d85c2fc3c0df0 SSDeep: 1536:DEqDSbNv7d5HX4diGexg0YD3O5wj/1dlLmuD5v9IsgZRqCYV3pyVFUsBKRmKP57x:DE1bNv7LIdZ4YDe5G9dlSuvIzXqvJ0Di	... File Actions Show Properties Download
C:\588bce7c90097ed212\Extended\UiInfo.xml	38.41 KB	MD5: 6d747f4cf662114eef0be4705a3c17e0 SHA1: 5dd9276e7ed4d13f3ee5198c3b5a3f4fc4beca73 SHA256: 08a21461355dc78f964b60a2487d710557687f4cf668d1ff85c0aaeb4b59b893 SSDeep: 768:CERfyQWVXWGf4J8c+33u83pioBB4IK3rmM81FspaXeGC8GPdJANyx:CEiXP5c+3+2BBgrmM6FAaOGC8WdJ08	... File Actions Show Properties Download
C:\588bce7c90097ed212\Graphics\Rotate3.ico	1.14 KB	MD5: d59a8f98759d79ef666c65f1c856a4c6 SHA1: ab981cb2a1839ffd0de4d47b6d3bf78b9b4d63bc SHA256: f0ca022334fd1ad69b9b490978b31bc2321731234346be765b3abb595db1ee7d SSDeep: 24:dgT901EDpRHZxn9PxbpATo9VL5IAeZt+/lSA2F+4:dgT901oNZrPxbpwgLl2I4	... File Actions Show Properties Download
C:\588bce7c90097ed212\Graphics\Rotate5.ico	1.14 KB	MD5: a5f26adcdc32f668604d659b607b4929 SHA1: 3d893cfb320a12de198d524d64bfd0eb68e07327 SHA256: 34f972f8c071cb5d3147ff1baff57616cb204a171c3e085e359f44bd3f7ceb64 SSDeep: 24:/K1YShpTYYGcJL9A4wTXNwFs8tVsOS9NI2RFJBblT3vB0:/KvTYGJhA4c9wFlPS9NdRLB1Z0	... File Actions Show Properties Download
C:\588bce7c90097ed212\Graphics\Rotate6.ico	1.14 KB	MD5: a252a84bd9c4fcfff3ac7cc729b3b9bc SHA1: a1db9a282cda2bbeeff7e6a17f35b65af8690d38 SHA256: a3a4d0b7a1d2ebe5ac476e0e53365a881e3f581124de74081d3bae2429e3aa6b SSDeep: 24:oDBCdz7gDNd0yFXEf37yGFQ0iUdyjoB6+fbj3F6A:oDQdeNd05fWGO0i7joBXfbl	... File Actions Show Properties Download
C:\588bce7c90097ed212\Graphics\Rotate4.ico	1.14 KB	MD5: a143dab1d760e2f0ea31edd3fa775b4f SHA1: 2db1e028ffc8362f8d0a64adc0388570d3fd6910 SHA256: 4e2d0516f01f8f7971a6e2bc334de28331c8b397b34d78ccb16eb1d28370ded1 SSDeep: 24:iAwl7tSqqodxiK/6/g+avZ8LmUhTgfDKMem1ikt:iAwWqxxijNuZAvhUDthwkt	... File Actions Show Properties Download
C:\588bce7c90097ed212\Graphics\Rotate7.ico	1.14 KB	MD5: c1a8196f4160e039d1ab67161317154d SHA1: b536de6097467fba1d896f65c5bfdff4d5d98fa1 SHA256: d6cae8adfc58a3a4a5aa2ae5db038efb6fe347a367fed4072dd707fd593e2a8f SSDeep: 24:EG9PDX439Jyj4GRdTB4rF4Eml6LnUQ2wgTjJIrMQw+1SnweK8an+7UtPsKdYUrGJ:gyj4WdTB4hJTnU9vTcCovB+7+pG	... File Actions Show Properties Download
C:\588bce7c90097ed212\Graphics\SysReqNotMet.ico	1.39 KB	MD5: efd9e08dddd36a79744882e6534b0bb4 SHA1: 02ec1f2dbeb4fe4a4edc4c9b92dec5cf8200dee0 SHA256: f38faa56e5f33dcf67fa51353f4be592dbc2d50e8db5811cd53a8d21c3460936 SSDeep: 24:YoJXnH/OdhbqmHHnGY98Dg/4DXBsvQlbtnetiYQE7R6umkZksUIHKRIVKO:YQ36hOmnGY9OgwDXmGheXakZDjQIVKO	... File Actions Show Properties Download
C:\588bce7c90097ed212\Graphics\Rotate8.ico	1.14 KB	MD5: 4393e0affeae582c76f6699de02cfad0 SHA1: 0b57cbb0f8b9a08fb0ca04a670e02513b8f31d82 SHA256: 8cd61a7d8502a3f334b07215836e2f0cfe40e64ec7589e2f677443c321f647de SSDeep: 24:tgOJ52Dkm8TVQEhxn/GRUIhw3WcAfZeePhERUGh3YhBboLq:R4DkBWiZuP68fs+xcYUm	... File Actions Show Properties Download
C:\588bce7c90097ed212\Graphics\Setup.ico	36.13 KB	MD5: 498d12fde0772b51edaed7ddb1517198 SHA1: 7fefd459e5d81cf5e3dec515b9df609b9b63e426 SHA256: fb9e27be48c8603a1106b7c8273cb10050bdea36b4931492aec1aac3f80a5e69 SSDeep: 768:yxVqWwIIbgaonWLxVXUl7HJbeUnNdDAubHUmt7c8N1jHk8WVepDR2zthM:mvAbgarLxVEFdNnNFAS0mt7cEjE8GeW8	... File Actions Show Properties Download
C:\588bce7c90097ed212\header.bmp	3.81 KB	MD5: 242a54c6b3bddbd52fa43f10a2ef1f26 SHA1: 1bbcb698392d2caaf27107ea833f65bfb3a25806 SHA256: a761fcdfe0e06c482425773b4510485dc8c1f9d4a32e282988c8ba75da047701 SSDeep: 96:+sWRCTw/se6syusxK/MTto1iH/Dd/Fa4LtGtARa1zNQgeJ:hWRCTwEq5sV8ifJE4LEtARa1zWgeJ	... File Actions Show Properties Download
C:\588bce7c90097ed212\Graphics\stop.ico	10.17 KB	MD5: 17d516644bf04f1175acb5adc0bbb88a SHA1: 2aaeb7d46e57763c195bdf3f9c87c25bf44c8e57 SHA256: 4ab41e736a6ab48eb828c182d598ecfb0bfa14a4d0180d39c37ddedf8e31ceca SSDeep: 192:PeH4Low1Wy80r+WTPH80ccxpct2xesHmxoflCbJTcAz0iA78Ljm:w4Lxn8++WD80ckcA9mo67z0X8nm	... File Actions Show Properties Download
C:\588bce7c90097ed212\Graphics\warn.ico	10.17 KB	MD5: 7e94c5afb75c95d8c26f1c640e8c35be SHA1: eb11fe03f757823cf1d00440adb3b28d6144932d SHA256: c5b012d564cb92ea5fff1d62357dfed7e027be2173ca6e6c916d58ad1c78338b SSDeep: 192:eONlN96ozafsIwMAkELfrLoiLb+paKZxAQk+aBiN5WEOZg88BpfS:PNz96ozaf75APLfkhaBiNgyDB9S	... File Actions Show Properties Download
C:\588bce7c90097ed212\netfx_Core_x86.msi	1.11 MB	MD5: c10bf0fc58203b4d10b57c673a34a9b4 SHA1: 0efaaa6b63db0716e9e397dc30458cb72b2af116 SHA256: 972efc674e0775a100c15129b08f5318518c45331dff2435d3f60b2a420a2ab5 SSDeep: 24576:G3a9ArOYu6M1JPB8pq5G/CDWbYRUdUo1H7N8k2OCQZ4RgKfI:Gfu31j8p0G/CDNRUdr2/TaX	... File Actions Show Properties Download
C:\588bce7c90097ed212\netfx_Extended_x64.msi	852.28 KB	MD5: 749a9ea57aed38f8f6c3c6fa486cbaf3 SHA1: 77b0967655c0e474b8c4e3924ff16e3a22f08104 SHA256: 4f92dfe2d530c41c65f2136a6a708a7bda8436a93429325e2e2170f8f985bfd6 SSDeep: 24576:2Dg1x0xwt0JFejiqOsdWpIk9E9intRk/XLjNyrWJh:206wGJQbfgjdntReXLMrq	... File Actions Show Properties Download
C:\588bce7c90097ed212\netfx_Extended_x86.msi	484.28 KB	MD5: 2a4a98b10622ea68310ede4f2579d349 SHA1: 5961b0162acb213a5e46233193154405f29c1986 SHA256: 58e91b2ade8c590b1c863a86f8dcf3ff89a7dfba245a912581cfa88867b90dec SSDeep: 12288:/r1N2rCCOZXhNjR8labslbtBlUzUJtAJcA6b0tz/b6OMVMBiA6+:72mXzjqlabs5lU4JSJcAqevfMVJ+	... File Actions Show Properties Download
C:\588bce7c90097ed212\Strings.xml	14.03 KB	MD5: 928b87ff2201d4cee7384129c918b187 SHA1: 0a5dce0db042113ea42d61d74cd46e112bdef9b8 SHA256: 9c08ecc9c68d4f2c7847ef539583f4b3e622b82e3f797766a8f592cffd3836b8 SSDeep: 384:+NSY6FD7acsxYZsLGGQpA8WY19VY0l1lKXMMn5EWEt5uG:OQfZtla5Y7VLlPuCt5uG	... File Actions Show Properties Download
C:\588bce7c90097ed212\RGB9RAST_x64.msi	180.78 KB	MD5: 9dd48360b86e1cae606753841378a2be SHA1: 3fe50a80b312627f2681eacb548bd4b8864fbdab SHA256: d01fc06d1e54259bb3ba0a804ec9ec79e6750c4809bc1fb8457d1a4e5dcbc9c6 SSDeep: 3072:8KkTmIfb9jUp+oT0TIs2En57Rgcm8yWkcZnNLHorO1fBjM7AFwmD4hMRWwoI2Y:OT3fb9jGzXAY6Zndn1fBjM7AOl4knY	... File Actions Show Properties Download
C:\588bce7c90097ed212\SplashScreen.bmp	40.39 KB	MD5: fcbd518c3fd91d19e20e0ae201a77822 SHA1: 1b9ee8589b2c58c0c1734e784beb5be07dbc49a1 SHA256: 792fb8c1732753fc19698747074e739bc86d2d8e7dbd330d8fa0f714c4d91848 SSDeep: 768:ipVwqsWEe54xK1t/KYlBUaeNuVUCkIoItzrvQl2i1KOClBOfEDaU:iXwZWpT/KYlGLNMtnntzkjKOCzO8t	... File Actions Show Properties Download
C:\588bce7c90097ed212\UiInfo.xml	38.27 KB	MD5: 049f98fb0a34c3fd80060922f9299741 SHA1: 9546033446437a56a5e336a05f8a05822d021c95 SHA256: 8e03396cdd22d4fa0ac2aba11a60edcbcac7ce40f18aee1a9e2984da4f60eb81 SSDeep: 768:K6jyRTaMV4dyQtUSeRlJJVkRymucjh/PDz+qnudqFLJ+mlw3NdGeMEH5OY:K6jyzV4YBjkwqjJ+70LJ+D3f/M1Y	... File Actions Show Properties Download
C:\588bce7c90097ed212\netfx_Core_x64.msi	1.81 MB	MD5: 4103967ceba956d217f360bba0230dac SHA1: d5abdca340e449a1cb266a4049525cf8bc3b5ce4 SHA256: e10adfd1f5a19f2a22f65e11c04854020a2ead5c77d2a1fda99cac80f26350ba SSDeep: 49152:HAcKPsJfEhTNJO+xbu256voysIMO4+WRpjrXbmQ+:HU0JfI5Hxbu2gJspd+g3XqQ+	... File Actions Show Properties Download
C:\Logs\Microsoft-Client-Licensing-Platform%4Admin.evtx	68.28 KB	MD5: 860a7985e6576c01cbc2fe8cd399db1a SHA1: b7effdf61a787737a11c02a206afe332f5b74e6d SHA256: f38ec52dbab63b5366b062a0f5892f982b1e7aa27d5a5b21e98fd2b57d692d1b SSDeep: 1536:Q0sDKP4tOMrymAIo1dgBOzxQ19T6vUyK6865T97kIXYsJwOgkXKUhg:Ay4tOuzOLNQ1YvJj9iIIowI6sg	... File Actions Show Properties Download
C:\Logs\Security.evtx	1.07 MB	MD5: e0baadf00077286ba57bcb64dbeb05ad SHA1: 9af274e8247aec21b0855c888788c3f126e47ac4 SHA256: 6fc3e2ea91461573b991b5f49274564ab496176d1e2e2bcc4e4b436cd5c19d1c SSDeep: 24576:FfUWMIjyrVVVZK97IqJ9l/S2nYY30NNFvlzyR18uLbjlPujvp:F8IjybVi71NYa0jFM18qb5Pubp	... File Actions Show Properties Download
C:\Logs\HardwareEvents.evtx	68.28 KB	MD5: 4d3be8b5828b4726a0631414a4ec363e SHA1: e36591af6d33712af521f3496bde6c3cfe37c14a SHA256: 45f78ee2571b0a80d812459663c35f49d16cbfc0639ebe4746e013748ff22807 SSDeep: 1536:PCRLjxx8cgxanSCZ7F5vqhP48Cke3iUAQYZr0sPhJDCTBUm1B+UXX1:YlmcQaSCpF0hA/kIALr06hoT/BzXl	... File Actions Show Properties Download
C:\Logs\Setup.evtx	68.28 KB	MD5: d1f9ca94754438da0201cd0458a3bb21 SHA1: 60f3be6e7c689978e7f66e754d35540c24d01f29 SHA256: 6a5655633294d0e97ce76158e5dcef5eea3003a73d51076c7e7e2bb8e50cc262 SSDeep: 1536:gbkgyTNasHXnjA13vO7cvH6bommLTXwUq7/+hq2d4v6UTkEA:HgyTAq81tH6b0P8KqnCUTkj	... File Actions Show Properties Download
C:\Logs\System.evtx	1.07 MB	MD5: 4e7f21d66a342e24c8542a5252c2e61e SHA1: a21ec72d3442987a17cde6ace5ac7f0f88234b4d SHA256: 79255702faa3fe65b19149b647877d8322c4aaa575fa18d4b688de0e9337d301 SSDeep: 24576:5ykWYq3Bs4vi2O+FVTZtU4DOOV7JLCu7bnzO81rtC96Om/lru:5tgW4vi2tZa4qYw+zOQrtCtm/lS	... File Actions Show Properties Download
C:\Logs\Application.evtx	68.28 KB	MD5: 4d6b7db8374c01d7f5f47b47d65cb185 SHA1: aa03f6b01abaca89bbc5f2afa99d183e4d5813df SHA256: 217f7de7b6ad2e860f0d0e3b9d677f8020b12c7446a68d4f1dfc0061f7ddfef4 SSDeep: 1536:NuCeFSx4Re+YtqbMecD0rNPlmLkZl6fuoqzEcWlANv2/K+1+MOS330:DeFSxKe+Ytq/cDa/mLkzOLrP1TOSn0	... File Actions Show Properties Download
C:\Logs\Key Management Service.evtx	68.28 KB	MD5: 3d830ceff1ac2e6e891c2af0db8c7c5e SHA1: 35cfccf49018fa7b9d2aa9df5dff92a7f58f844b SHA256: 69e5b04a3a07eaa34a3a4f01a25036408feffec6550034c25b35ed3be5d3aca8 SSDeep: 1536:BJz60fLcnuV4fz3KoxivLI9SwOYGAcJ00Ittvkgr:BJ+y74r3FcvUlg00Ittvk2	... File Actions Show Properties Download
C:\588bce7c90097ed212\netfx_Extended.mzz	41.13 MB	MD5: 22fc91fa6151cd79737026764c911b8a SHA1: dfd7da748ad50f8169efd5284d29c0b7ce39a3ff SHA256: 384a7624d5ec7a630770ce17b4ff99d3d2d5ed20d9e0f6dbb7377468784dfa85 SSDeep: 196608:D2DDisK8wxcctItBXFD4hb2lQhZmKUZQdjl7izowxAwYaIn9mpjG8WHNg3DefQ:oDisp+tItTD4hqihZm+l7izowKwO9kjn	... File Actions Show Properties Download
C:\588bce7c90097ed212\netfx_Core.mzz	173.08 MB	MD5: 83d5b9c0c28887771219fd518532dad5 SHA1: 1ed182450e33c0b0fdcc7ef9f5436968d1194ddc SHA256: 83e2c01dde6ced9b11279da5f622a72d8dc76f8f34886059ce3ce92811509bba SSDeep: 196608:RbK/ZoHy+eFGJNqaLGKexxertHonOInzQTLH33XP3G6A5AJCWOEN4fxaQd:R2n+eAfqaCKexkHj2UT73P3VtNRqaQd	... File Actions Show Properties Download

Host Behavior

File (3221)

Operation	Filename	Additional Information	Count	Logfile
Create	C:\users\Public\sys	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN	1	Fn
Create	C:\users\Public\sys	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_HIDDEN	1	Fn
Create	C:\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	8	Fn
Create	C:\$GetCurrent\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	2	Fn
Create	C:\$GetCurrent\Logs\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\$GetCurrent\SafeOS\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\$GetCurrent\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	6	Fn
Create	C:\$WINRE_BACKUP_PARTITION.MARKER	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\1025\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	3	Fn
Create	C:\588bce7c90097ed212\1028\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\1029\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\1030\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\1031\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\1032\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\$GetCurrent\SafeOS\PartnerSetupComplete.cmd	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\$GetCurrent\SafeOS\preoobe.cmd	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\$GetCurrent\SafeOS\SetupComplete.cmd	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\1025\eula.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\1025\LocalizedData.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\$GetCurrent\Logs\PartnerSetupCompleteResult.log	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\1028\eula.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\1028\LocalizedData.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\1029\eula.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\1029\LocalizedData.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\1030\eula.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\1030\LocalizedData.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\1031\eula.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\1031\LocalizedData.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\1033\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\1035\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\1036\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\1037\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\1038\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\1040\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\1041\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\1032\LocalizedData.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\1032\eula.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\1033\eula.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\1033\LocalizedData.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\1035\eula.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\1035\LocalizedData.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\1036\eula.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\1036\LocalizedData.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\1037\eula.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\1037\LocalizedData.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\1038\eula.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\1038\LocalizedData.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\1040\eula.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\1040\LocalizedData.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	3	Fn
Create	C:\588bce7c90097ed212\1042\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	3	Fn
Create	C:\588bce7c90097ed212\1043\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\1044\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\1045\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	2	Fn
Create	C:\588bce7c90097ed212\1046\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\1049\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\1053\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\1041\eula.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\1055\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\1041\LocalizedData.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\1042\eula.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\1042\LocalizedData.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\1043\eula.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\1043\LocalizedData.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\1044\eula.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\1044\LocalizedData.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\1045\eula.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\1045\LocalizedData.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\1046\eula.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\1046\LocalizedData.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\1049\eula.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\1049\LocalizedData.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\1053\eula.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\1053\LocalizedData.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\1055\eula.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	2	Fn
Create	C:\588bce7c90097ed212\2052\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\2070\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\3076\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	2	Fn
Create	C:\588bce7c90097ed212\3082\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\Client\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	2	Fn
Create	C:\588bce7c90097ed212\Extended\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\1055\LocalizedData.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\2052\LocalizedData.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\2070\eula.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\2070\LocalizedData.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\3076\eula.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\3076\LocalizedData.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\2052\eula.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\3082\eula.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\3082\LocalizedData.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\Client\Parameterinfo.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\Client\UiInfo.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\DHtmlHeader.html	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\DisplayIcon.ico	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\Extended\Parameterinfo.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\Extended\UiInfo.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\Graphics\Print.ico	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\Graphics\Rotate1.ico	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\Graphics\Rotate2.ico	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\Graphics\Rotate3.ico	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\Graphics\Rotate4.ico	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\Graphics\Rotate5.ico	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\Graphics\Rotate6.ico	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\Graphics\Rotate7.ico	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\Graphics\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Boot\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	41	Fn
Create	C:\Boot\bg-BG\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Boot\cs-CZ\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Boot\da-DK\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Boot\de-DE\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Boot\el-GR\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Boot\en-GB\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Boot\en-US\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\Graphics\Rotate8.ico	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\Graphics\Save.ico	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\Graphics\Setup.ico	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\Graphics\stop.ico	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\Graphics\SysReqMet.ico	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\Graphics\SysReqNotMet.ico	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\Graphics\warn.ico	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\header.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\netfx_Core.mzz	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\netfx_Core_x64.msi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\netfx_Core_x86.msi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\netfx_Extended.mzz	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\netfx_Extended_x64.msi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\netfx_Extended_x86.msi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\ParameterInfo.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\RGB9RAST_x64.msi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\RGB9Rast_x86.msi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\SetupUi.xsd	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\SplashScreen.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\Strings.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\UiInfo.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\588bce7c90097ed212\watermark.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Boot\BCD	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Boot\BCD.LOG	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Boot\BCD.LOG1	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Boot\BCD.LOG2	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Boot\BOOTSTAT.DAT	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Boot\es-ES\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Boot\es-MX\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Boot\et-EE\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Boot\fi-FI\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Boot\Fonts\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Boot\fr-CA\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Boot\fr-FR\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Boot\hr-HR\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Boot\hu-HU\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Boot\it-IT\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Boot\ja-JP\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Boot\ko-KR\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Boot\lt-LT\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Boot\lv-LV\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Boot\nb-NO\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Boot\nl-NL\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Boot\pl-PL\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Boot\pt-BR\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Boot\pt-PT\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Boot\qps-ploc\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Boot\Resources\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	2	Fn
Create	C:\Boot\Resources\en-US\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Boot\ro-RO\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Boot\Fonts\msjhn_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Boot\ru-RU\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Boot\sk-SK\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Boot\Fonts\chs_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Boot\Fonts\msyhn_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Boot\Fonts\msjh_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Boot\Fonts\wgl4_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Boot\Fonts\segoe_slboot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Boot\Fonts\segoen_slboot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Boot\Fonts\segmono_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Boot\Fonts\msyh_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Boot\sl-SI\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Boot\sr-Latn-CS\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Boot\Fonts\meiryo_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Boot\sr-Latn-RS\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Boot\sv-SE\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Boot\tr-TR\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Boot\uk-UA\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Boot\zh-CN\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Boot\zh-HK\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Boot\zh-TW\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Documents and Settings\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\ESD\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Boot\Fonts\malgunn_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Boot\Fonts\meiryon_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Boot\Fonts\cht_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Boot\Fonts\jpn_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Boot\Fonts\kor_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Boot\Fonts\malgun_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\bootmgr	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\BOOTSECT.BAK	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\hiberfil.sys	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\BOOTNXT	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Boot\updaterevokesipolicy.p7b	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Logs\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\PerfLogs\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	4	Fn
Create	C:\Program Files\Common Files\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	5	Fn
Create	C:\Program Files\Common Files\DESIGNER\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	13	Fn
Create	C:\Program Files\Common Files\microsoft shared\ClickToRun\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\pagefile.sys	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.hash	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ClickToRun\i641033.hash	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeUpdateSchedule.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	42	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\ar-SA\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\bg-BG\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\da-DK\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\de-DE\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\el-GR\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\en-GB\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Logs\Microsoft-Client-Licensing-Platform%4Admin.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Logs\Security.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Logs\Setup.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Logs\System.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Logs\HardwareEvents.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Logs\Application.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\en-US\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Logs\Internet Explorer.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\es-ES\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\es-MX\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\et-EE\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\fi-FI\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\fr-CA\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	11	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-correct.avi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-delete.avi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-join.avi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-split.avi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\en-US\correct.avi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\en-US\delete.avi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\en-US\join.avi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\en-US\split.avi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Logs\Key Management Service.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\auxbase.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\insertbase.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\keypadbase.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\kor-kor.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\Alphabet.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\Content.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\ea.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\FlickAnimation.avi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\he-IL\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\hr-HR\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\hu-HU\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_altgr.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_ca.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_heb.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_jpn.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_kor.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_rtl.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ja-jp.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ko-kr.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\baseAltGr_rtl.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-changjei.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-dayi.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-phonetic.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\oskclearuibase.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\oskmenubase.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\osknavbase.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\oskpredbase.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ea-sym.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ja-jp-sym.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\symbase.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\ipscht.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\ipschs.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\ipscat.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\ipsar.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\hwrusash.dat	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\hwrusalm.dat	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\hwrlatinlm.dat	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\hwrenclm.dat	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\hwrcommonlm.dat	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\it-IT\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\ko-KR\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\lt-LT\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\lv-LV\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\nb-NO\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\nl-NL\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\pl-PL\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\pt-BR\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\pt-PT\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\ipscsy.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\ipsdan.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\ipsdeu.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\ipsel.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\ipsen.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\ipsesp.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\ipsfin.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\ipsfra.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\ipshe.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\ipshi.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\ipshrv.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\ipsid.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\ipsita.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\ipsjpn.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\ipskor.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\ipsnld.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\ipsnor.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\ipsplk.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\ipsptb.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\ipsptg.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\ipsrom.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\ipsrus.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\ipssrb.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\ipssrl.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\ipssve.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\ipstr.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\chstic.dgml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\ro-RO\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\ru-RU\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\sk-SK\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\sl-SI\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\sv-SE\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\th-TH\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\tr-TR\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\zh-CN\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\ink\zh-TW\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\MSInfo\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	2	Fn
Create	C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\OFFICE16\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	2	Fn
Create	C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\Source Engine\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\Stationery\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\TextConv\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	2	Fn
Create	C:\Program Files\Common Files\microsoft shared\TextConv\en-US\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\Triedit\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	2	Fn
Create	C:\Program Files\Common Files\microsoft shared\Triedit\en-US\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\VC\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\VGX\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\VSTO\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	2	Fn
Create	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	2	Fn
Create	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\Services\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\System\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	5	Fn
Create	C:\Program Files\Common Files\System\ado\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	2	Fn
Create	C:\Program Files\Common Files\System\ado\en-US\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\System\en-US\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\System\msadc\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	2	Fn
Create	C:\Program Files\Common Files\System\msadc\en-US\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\System\Ole DB\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	2	Fn
Create	C:\Program Files\Common Files\System\Ole DB\en-US\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Internet Explorer\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	4	Fn
Create	C:\Program Files\Internet Explorer\en-US\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Internet Explorer\images\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Internet Explorer\SIGNUP\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	2	Fn
Create	C:\Program Files\Java\jre1.8.0_144\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	3	Fn
Create	C:\Program Files\Java\jre1.8.0_144\bin\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	4	Fn
Create	C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig-office.xrm-ms	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\Stationery\Bears.htm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\Stationery\Green Bubbles.htm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\Stationery\Garden.htm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\Stationery\Hand Prints.htm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\Stationery\Roses.htm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\Stationery\Peacock.htm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\Stationery\Orange Circles.htm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\Stationery\Soft Blue.htm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\Stationery\Shades of Blue.htm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\Stationery\Bears.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\Stationery\SoftBlue.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\Stationery\Garden.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\Stationery\Stars.htm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\Stationery\ShadesOfBlue.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\Stationery\Roses.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\Stationery\Peacock.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\Stationery\OrangeCircles.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\Stationery\HandPrints.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\Stationery\Stars.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee100.tlb	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee90.tlb	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\microsoft shared\Stationery\GreenBubbles.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\Services\verisign.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\System\ado\adojavas.inc	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\System\ado\adovbs.inc	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\System\ado\msadox28.tlb	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\System\ado\msador28.tlb	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\System\ado\msadomd28.tlb	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\System\ado\msado60.tlb	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\System\ado\msado28.tlb	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\System\ado\msado27.tlb	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\System\ado\msado26.tlb	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\System\ado\msado25.tlb	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\System\ado\msado21.tlb	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\System\ado\msado20.tlb	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\System\msadc\adcjavas.inc	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\System\msadc\adcvbs.inc	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\System\Ole DB\sqloledb.rll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Internet Explorer\images\bing.ico	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\bin\javacpl.cpl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\bin\plugin2\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\bin\server\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Internet Explorer\SIGNUP\install.ins	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	11	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\amd64\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\applet\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\cmm\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\deploy\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\ext\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\fonts\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\images\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	2	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\jfr\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\management\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\security\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	3	Fn
Create	C:\Program Files\Microsoft Office\Office16\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\bin\server\classes.jsa	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\bin\server\Xusage.txt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\COPYRIGHT	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\accessibility.properties	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\amd64\jvm.cfg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\calendars.properties	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\charsets.jar	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\classlist	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\cmm\CIEXYZ.pf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\cmm\GRAY.pf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\cmm\LINEAR_RGB.pf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\cmm\PYCC.pf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\cmm\sRGB.pf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\content-types.properties	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\currency.data	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\deploy\ffjcext.zip	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages.properties	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_de.properties	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_es.properties	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_fr.properties	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_it.properties	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_ja.properties	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_ko.properties	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_pt_BR.properties	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_sv.properties	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_zh_CN.properties	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_zh_HK.properties	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_zh_TW.properties	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\deploy\splash.gif	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\deploy\splash@2x.gif	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\deploy\splash_11-lic.gif	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\deploy\splash_11@2x-lic.gif	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\deploy.jar	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\ext\access-bridge-64.jar	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\ext\cldrdata.jar	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\ext\dnsns.jar	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\ext\jaccess.jar	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\ext\jfxrt.jar	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\ext\localedata.jar	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\ext\meta-index	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\ext\nashorn.jar	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\ext\sunec.jar	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\ext\sunjce_provider.jar	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\ext\sunmscapi.jar	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\ext\sunpkcs11.jar	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\ext\zipfs.jar	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\flavormap.properties	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\fontconfig.bfc	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\fontconfig.properties.src	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\fonts\LucidaBrightDemiBold.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\fonts\LucidaBrightDemiItalic.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\fonts\LucidaBrightItalic.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\fonts\LucidaBrightRegular.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\fonts\LucidaSansDemiBold.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\fonts\LucidaSansRegular.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\fonts\LucidaTypewriterBold.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\fonts\LucidaTypewriterRegular.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\hijrah-config-umalqura.properties	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\cursors.properties	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\invalid32x32.gif	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_CopyDrop32x32.gif	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_CopyNoDrop32x32.gif	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_LinkDrop32x32.gif	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_LinkNoDrop32x32.gif	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_MoveDrop32x32.gif	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_MoveNoDrop32x32.gif	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\javafx.properties	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\javaws.jar	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\jce.jar	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\jfr\default.jfc	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\jfr\profile.jfc	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\jfr.jar	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\jfxswt.jar	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\jsse.jar	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\jvm.hprof.txt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\logging.properties	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\management\jmxremote.access	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\management\jmxremote.password.template	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\management\management.properties	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\management\snmp.acl.template	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\management-agent.jar	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\meta-index	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\net.properties	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\plugin.jar	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\psfont.properties.ja	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\psfontj2d.properties	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\resources.jar	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\rt.jar	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\security\blacklist	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\security\blacklisted.certs	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\security\cacerts	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\security\java.policy	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\security\java.security	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\security\javaws.policy	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\security\local_policy.jar	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\security\trusted.libraries	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\security\US_export_policy.jar	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\sound.properties	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\tzdb.dat	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\lib\tzmappings	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\LICENSE	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\README.txt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\release	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\THIRDPARTYLICENSEREADME-JAVAFX.txt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\THIRDPARTYLICENSEREADME.txt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Java\jre1.8.0_144\Welcome.html	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\AppXManifest.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\FileSystemMetadata.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\Office16\OSPP.HTM	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\Office16\OSPP.VBS	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\Office16\SLERROR.XML	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0015-0000-1000-0000000FF1CE.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0015-0409-1000-0000000FF1CE.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0000-1000-0000000FF1CE.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0409-1000-0000000FF1CE.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0409-1000-0000000FF1CE.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001A-0000-1000-0000000FF1CE.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-040C-1000-0000000FF1CE.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0C0A-1000-0000000FF1CE.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0409-1000-0000000FF1CE.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0409-1000-0000000FF1CE.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00BA-0409-1000-0000000FF1CE.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0000-1000-0000000FF1CE.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0409-1000-0000000FF1CE.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0115-0409-1000-0000000FF1CE.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0117-0409-1000-0000000FF1CE.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-3101-0000-1000-0000000FF1CE.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.common.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\PackageManifests\AppXManifestLoc.en-us.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\PackageManifests\AuthoredExtensions.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0000-1000-0000000FF1CE.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0019-0000-1000-0000000FF1CE.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0019-0409-1000-0000000FF1CE.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001A-0409-1000-0000000FF1CE.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0000-1000-0000000FF1CE.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0409-1000-0000000FF1CE.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0409-1000-0000000FF1CE.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0027-0000-1000-0000000FF1CE.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-002C-0409-1000-0000000FF1CE.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0054-0409-1000-0000000FF1CE.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0057-0000-1000-0000000FF1CE.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-006E-0409-1000-0000000FF1CE.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0000-1000-0000000FF1CE.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0000-1000-0000000FF1CE.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00B4-0409-1000-0000000FF1CE.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00BA-0000-1000-0000000FF1CE.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00C1-0000-1000-0000000FF1CE.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00C1-0409-1000-0000000FF1CE.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E1-0000-1000-0000000FF1CE.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E1-0409-1000-0000000FF1CE.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-012A-0000-1000-0000000FF1CE.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\PackageManifests\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	2	Fn
Create	C:\Program Files\Microsoft Office\root\client\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\RyukReadMe.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-012B-0409-1000-0000000FF1CE.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00004_.GIF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00011_.GIF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00021_.GIF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00037_.GIF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00038_.GIF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00040_.GIF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00052_.GIF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00057_.GIF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00090_.GIF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00092_.GIF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00103_.GIF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00120_.GIF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00126_.GIF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00129_.GIF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00130_.GIF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00135_.GIF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00139_.GIF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00142_.GIF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00154_.GIF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00157_.GIF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00158_.GIF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00160_.GIF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00161_.GIF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00163_.GIF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00164_.GIF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00165_.GIF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00167_.GIF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00169_.GIF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00170_.GIF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00171_.GIF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00172_.GIF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00174_.GIF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00175_.GIF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00176_.GIF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN00010_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN00015_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN00790_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN00853_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN00914_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN00932_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN00965_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01039_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01044_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01060_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01084_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01173_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01174_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01184_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01216_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01218_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01251_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01545_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN02122_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN02559_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN02724_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN03500_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04108_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04117_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04134_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04174_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04191_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04195_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04196_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04206_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04225_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04235_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04267_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04269_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04323_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04326_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04332_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04355_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04369_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04384_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04385_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BABY_01.MID	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD00116_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD00141_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD00146_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD00155_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD00160_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD00173_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD05119_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD06102_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD06200_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD07761_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD07804_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD07831_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD08758_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD08773_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD08808_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD08868_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD09031_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD09194_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD09662_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD09664_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD10890_.GIF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD10972_.GIF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD19563_.GIF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD19582_.GIF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD19695_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD19827_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD19828_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD19986_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD19988_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD20013_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00008_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00012_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00045_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00098_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00105_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00122_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00130_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00148_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00152_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00194_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00195_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00234_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00242_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00247_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00248_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00252_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00254_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00261_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00262_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00265_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00267_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00269_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00270_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00273_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00274_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00296_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00390_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00392_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00524_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00525_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00526_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00648_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00921_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00923_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00932_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00985_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BOAT.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BOATINST.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00076_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00078_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00092_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00100_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00135_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00136_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00145_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00174_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00184_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00186_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00200_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00224_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00438_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00439_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00440_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00441_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00442_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00443_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00444_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00445_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00453_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS01080_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS01603_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS01634_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS01635_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS01636_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS01637_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS01638_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS01639_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\CARBN_01.MID	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\CG1606.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\CLASSIC1.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\CLASSIC2.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\CLIP.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\CMNTY_01.MID	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\CRANE.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\CRANINST.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\CUP.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\CUPINST.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00117_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00121_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00234_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00255_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00256_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00261_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00297_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00372_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00405_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00407_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00413_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00414_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00419_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00437_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00448_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00449_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00687_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00705_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01015_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01039_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01138_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01139_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01140_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01143_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01145_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01146_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01151_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01152_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01157_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01160_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01162_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01163_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01166_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01167_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01168_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01169_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01170_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01171_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01172_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01173_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01176_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01178_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01179_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01180_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01181_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01182_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01183_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01186_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01366_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01434_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01585_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01586_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01628_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01629_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01630_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01631_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01761_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01772_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01793_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\EAST_01.MID	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\ED00010_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\ED00019_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\ED00172_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\ED00184_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\EN00006_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\EN00202_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\EN00222_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\EN00242_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\EN00319_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\EN00320_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\EN00397_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\EN00902_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\EXPLR_01.MID	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FALL_01.MID	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00074_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00076_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00077_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00086_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00090_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00096_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00296_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00297_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00306_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00336_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00361_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00369_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00382_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00397_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00403_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00414_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00419_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00428_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00435_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00438_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00455_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00459_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00543_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00544_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00564_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00586_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00775_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00779_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00799_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00814_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00965_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD01074_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD01084_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD01176_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD01191_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD01193_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD01196_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD01548_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD01657_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD01658_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD01659_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD01660_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD02068_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD02071_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD02075_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD02088_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD02097_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD02115_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD02116_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD02141_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD02153_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD02158_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD02161_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FINCL_01.MID	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FINCL_02.MID	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FLAP.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\GRDEN_01.MID	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\GRID_01.MID	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00057_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00084_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00231_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00235_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00236_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00241_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00260_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00276_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00334_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00443_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00513_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00524_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00526_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00527_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00546_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00601_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00602_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00612_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00623_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00625_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00636_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00669_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00681_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00685_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00687_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00688_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00693_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH01013_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH01015_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH01058_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH01065_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH01080_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH01242_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH01291_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH01329_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH01461_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH01618_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH01759_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH01875_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH01923_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH02155_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH02166_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH02282_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH02298_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH02312_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH02313_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HM00005_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HM00114_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HM00116_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HM00172_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HM00426_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HTECH_01.MID	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\IN00046_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\IN00118_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\IN00177_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\IN00204_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\IN00233_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\IN00343_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\IN00346_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\IN00351_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\IN00557_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\IN00915_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\IN00919_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\IN00956_.WMF	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Write	C:\588bce7c90097ed212\3076\eula.rtf	size = 6320	1	Fn Data
For performance reasons, the remaining 645 entries are omitted. The remaining entries can be found in glog.xml.

Module (78)

Operation	Module	Additional Information	Count	Logfile
Load	kernel32.dll	base_address = 0x7ff92fdd0000	1	Fn
Load	mpr.dll	base_address = 0x7ff9232d0000	1	Fn
Load	advapi32.dll	base_address = 0x7ff931520000	1	Fn
Load	ole32.dll	base_address = 0x7ff9315e0000	1	Fn
Load	Shell32.dll	base_address = 0x7ff9300e0000	1	Fn
Load	Iphlpapi.dll	base_address = 0x7ff92da00000	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = LoadLibraryA, address_out = 0x7ff92fdee490	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetLastError, address_out = 0x7ff92fde33c0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = VirtualFree, address_out = 0x7ff92fdea3e0	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = CryptExportKey, address_out = 0x7ff931535410	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = DeleteFileW, address_out = 0x7ff92fdf2130	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetDriveTypeW, address_out = 0x7ff92fdf22c0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetCommandLineW, address_out = 0x7ff92fdedbe0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetStartupInfoW, address_out = 0x7ff92fdebf50	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = FindNextFileW, address_out = 0x7ff92fdf2230	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = VirtualAlloc, address_out = 0x7ff92fde97f0	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = GetUserNameA, address_out = 0x7ff9315622e0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = ExitProcess, address_out = 0x7ff92fdec0d0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = Wow64RevertWow64FsRedirection, address_out = 0x7ff92fe07cd0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = CreateProcessA, address_out = 0x7ff92fdeb190	1	Fn
Get Address	c:\windows\system32\iphlpapi.dll	function = GetIpNetTable, address_out = 0x7ff92da0fcc0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetVersionExW, address_out = 0x7ff92fde9a70	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = Wow64DisableWow64FsRedirection, address_out = 0x7ff92fe07cc0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetSystemDefaultLangID, address_out = 0x7ff92fdee860	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = GetUserNameW, address_out = 0x7ff9315353c0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = ReadFile, address_out = 0x7ff92fdf2480	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = RegQueryValueExA, address_out = 0x7ff9315354e0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = CloseHandle, address_out = 0x7ff92fdf1ea0	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = RegSetValueExW, address_out = 0x7ff931535370	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = RegCloseKey, address_out = 0x7ff931534c50	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = CopyFileA, address_out = 0x7ff92fe2a370	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = SetFileAttributesW, address_out = 0x7ff92fdf24f0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = WinExec, address_out = 0x7ff92fe2e3b0	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = CryptDeriveKey, address_out = 0x7ff93154a740	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = CryptGenKey, address_out = 0x7ff931539be0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = Sleep, address_out = 0x7ff92fde3410	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetCurrentProcess, address_out = 0x7ff92fdf1e00	1	Fn
Get Address	c:\windows\system32\shell32.dll	function = ShellExecuteW, address_out = 0x7ff9301df5d0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetFileSize, address_out = 0x7ff92fdf2320	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GlobalAlloc, address_out = 0x7ff92fde7fb0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = FindClose, address_out = 0x7ff92fdf2160	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = WaitForMultipleObjects, address_out = 0x7ff92fdf2070	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetModuleFileNameA, address_out = 0x7ff92fdee000	1	Fn
Get Address	c:\windows\system32\shell32.dll	function = ShellExecuteA, address_out = 0x7ff9302a1600	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetModuleHandleA, address_out = 0x7ff92fdec1a0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetModuleFileNameW, address_out = 0x7ff92fdebfa0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = CreateFileA, address_out = 0x7ff92fdf20f0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetFileSizeEx, address_out = 0x7ff92fdf2330	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = WriteFile, address_out = 0x7ff92fdf2570	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetLogicalDrives, address_out = 0x7ff92fde8dd0	1	Fn
Get Address	c:\windows\system32\mpr.dll	function = WNetEnumResourceW, address_out = 0x7ff9232d12d0	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = RegOpenKeyExW, address_out = 0x7ff931534aa0	1	Fn
Get Address	c:\windows\system32\mpr.dll	function = WNetCloseEnum, address_out = 0x7ff9232d14f0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetWindowsDirectoryW, address_out = 0x7ff92fdee9f0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = SetFileAttributesA, address_out = 0x7ff92fdf24e0	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = RegOpenKeyExA, address_out = 0x7ff9315353b0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = SetFilePointer, address_out = 0x7ff92fdf2510	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetTickCount, address_out = 0x7ff92fde33d0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetFileAttributesW, address_out = 0x7ff92fdf2300	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = FindFirstFileW, address_out = 0x7ff92fdf21e0	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = CryptAcquireContextW, address_out = 0x7ff931535a10	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = MoveFileExW, address_out = 0x7ff92fdeec60	1	Fn
Get Address	c:\windows\system32\mpr.dll	function = WNetOpenEnumW, address_out = 0x7ff9232d15e0	1	Fn
Get Address	c:\windows\system32\ole32.dll	function = CoInitialize, address_out = 0x7ff9315e7e20	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = CryptDecrypt, address_out = 0x7ff931539b10	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = CryptImportKey, address_out = 0x7ff9315353f0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = SetFilePointerEx, address_out = 0x7ff92fdf2520	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = CopyFileW, address_out = 0x7ff92fdf2770	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = FreeLibrary, address_out = 0x7ff92fdebf60	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = CreateProcessW, address_out = 0x7ff92fdeba30	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = CreateDirectoryW, address_out = 0x7ff92fdf20d0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = CreateThread, address_out = 0x7ff92fde9940	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = CryptDestroyKey, address_out = 0x7ff9315357e0	1	Fn
Get Address	c:\windows\system32\ole32.dll	function = CoCreateInstance, address_out = 0x7ff92fad5110	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = CreateFileW, address_out = 0x7ff92fdf2100	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetFileAttributesA, address_out = 0x7ff92fdf22d0	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = CryptEncrypt, address_out = 0x7ff93153a1a0	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = RegDeleteValueW, address_out = 0x7ff9315382d0	1	Fn

System (7)

Operation	Additional Information	Count	Logfile
Sleep	duration = 5000 milliseconds (5.000 seconds)	1	Fn
Sleep	duration = 1000 milliseconds (1.000 seconds)	1	Fn
Get Info	type = Operating System	2	Fn
Get Info	type = Windows Directory, result_out = C:\WINDOWS	3	Fn

Process #6: svchost.exe

Information	Value
ID	#6
File Name	c:\windows\system32\svchost.exe
Command Line	C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
Initial Working Directory	C:\WINDOWS\system32\
Monitor	Start Time: 00:00:38, Reason: Injection
Unmonitor	End Time: 00:04:24, Reason: Terminated by Timeout
Monitor Duration	00:03:45

OS Process Information

Information	Value
PID	0x718
Parent PID	0x250 (c:\windows\system32\services.exe)
Bitness	64-bit
Is Created or Modified Executable
Integrity Level	Medium
Username	NQDPDE\FD1HVy
Enabled Privileges	SeChangeNotifyPrivilege
Thread IDs	0x CD4 0x C50 0x C10 0x 608 0x 638 0x 77C 0x 774 0x 754 0x 74C 0x 748 0x 740 0x 71C 0x D80 0x 3D8 0x 1030 0x 1074

Memory Dumps

Name	Start VA	End VA	Dump Reason	PE Rebuilds	Bitness	Entry Points	AV	YARA	Actions
svchost.exe	0x7FF7CA630000	0x7FF7CA63EFFF	Relevant Image	-	64-bit	-			... Region Actions Download Dump

Injection Information

Injection Type	Source Process	Source Os Thread ID	Information	Success	Count	Logfile
Modify Memory	#1: c:\users\fd1hvy\desktop\dfylx.exe	0xda4	address = 0x7ff7f2c60000, size = 3727360		1	Fn Data
Create Remote Thread	#1: c:\users\fd1hvy\desktop\dfylx.exe	0xda4	address = 0x7ff7f2c61ad0		1	Fn

Host Behavior

File (4)

Operation	Filename	Additional Information	Success	Count	Logfile
Create	C:\users\Public\sys	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN		4	Fn

Module (78)

Operation	Module	Additional Information	Count	Logfile
Load	kernel32.dll	base_address = 0x7ff92fdd0000	1	Fn
Load	mpr.dll	base_address = 0x7ff9232d0000	1	Fn
Load	advapi32.dll	base_address = 0x7ff931520000	1	Fn
Load	ole32.dll	base_address = 0x7ff9315e0000	1	Fn
Load	Shell32.dll	base_address = 0x7ff9300e0000	1	Fn
Load	Iphlpapi.dll	base_address = 0x7ff92da00000	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = LoadLibraryA, address_out = 0x7ff92fdee490	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetLastError, address_out = 0x7ff92fde33c0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = VirtualFree, address_out = 0x7ff92fdea3e0	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = CryptExportKey, address_out = 0x7ff931535410	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = DeleteFileW, address_out = 0x7ff92fdf2130	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetDriveTypeW, address_out = 0x7ff92fdf22c0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetCommandLineW, address_out = 0x7ff92fdedbe0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetStartupInfoW, address_out = 0x7ff92fdebf50	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = FindNextFileW, address_out = 0x7ff92fdf2230	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = VirtualAlloc, address_out = 0x7ff92fde97f0	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = GetUserNameA, address_out = 0x7ff9315622e0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = ExitProcess, address_out = 0x7ff92fdec0d0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = Wow64RevertWow64FsRedirection, address_out = 0x7ff92fe07cd0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = CreateProcessA, address_out = 0x7ff92fdeb190	1	Fn
Get Address	c:\windows\system32\iphlpapi.dll	function = GetIpNetTable, address_out = 0x7ff92da0fcc0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetVersionExW, address_out = 0x7ff92fde9a70	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = Wow64DisableWow64FsRedirection, address_out = 0x7ff92fe07cc0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetSystemDefaultLangID, address_out = 0x7ff92fdee860	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = GetUserNameW, address_out = 0x7ff9315353c0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = ReadFile, address_out = 0x7ff92fdf2480	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = RegQueryValueExA, address_out = 0x7ff9315354e0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = CloseHandle, address_out = 0x7ff92fdf1ea0	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = RegSetValueExW, address_out = 0x7ff931535370	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = RegCloseKey, address_out = 0x7ff931534c50	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = CopyFileA, address_out = 0x7ff92fe2a370	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = SetFileAttributesW, address_out = 0x7ff92fdf24f0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = WinExec, address_out = 0x7ff92fe2e3b0	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = CryptDeriveKey, address_out = 0x7ff93154a740	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = CryptGenKey, address_out = 0x7ff931539be0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = Sleep, address_out = 0x7ff92fde3410	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetCurrentProcess, address_out = 0x7ff92fdf1e00	1	Fn
Get Address	c:\windows\system32\shell32.dll	function = ShellExecuteW, address_out = 0x7ff9301df5d0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetFileSize, address_out = 0x7ff92fdf2320	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GlobalAlloc, address_out = 0x7ff92fde7fb0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = FindClose, address_out = 0x7ff92fdf2160	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = WaitForMultipleObjects, address_out = 0x7ff92fdf2070	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetModuleFileNameA, address_out = 0x7ff92fdee000	1	Fn
Get Address	c:\windows\system32\shell32.dll	function = ShellExecuteA, address_out = 0x7ff9302a1600	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetModuleHandleA, address_out = 0x7ff92fdec1a0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetModuleFileNameW, address_out = 0x7ff92fdebfa0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = CreateFileA, address_out = 0x7ff92fdf20f0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetFileSizeEx, address_out = 0x7ff92fdf2330	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = WriteFile, address_out = 0x7ff92fdf2570	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetLogicalDrives, address_out = 0x7ff92fde8dd0	1	Fn
Get Address	c:\windows\system32\mpr.dll	function = WNetEnumResourceW, address_out = 0x7ff9232d12d0	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = RegOpenKeyExW, address_out = 0x7ff931534aa0	1	Fn
Get Address	c:\windows\system32\mpr.dll	function = WNetCloseEnum, address_out = 0x7ff9232d14f0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetWindowsDirectoryW, address_out = 0x7ff92fdee9f0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = SetFileAttributesA, address_out = 0x7ff92fdf24e0	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = RegOpenKeyExA, address_out = 0x7ff9315353b0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = SetFilePointer, address_out = 0x7ff92fdf2510	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetTickCount, address_out = 0x7ff92fde33d0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetFileAttributesW, address_out = 0x7ff92fdf2300	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = FindFirstFileW, address_out = 0x7ff92fdf21e0	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = CryptAcquireContextW, address_out = 0x7ff931535a10	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = MoveFileExW, address_out = 0x7ff92fdeec60	1	Fn
Get Address	c:\windows\system32\mpr.dll	function = WNetOpenEnumW, address_out = 0x7ff9232d15e0	1	Fn
Get Address	c:\windows\system32\ole32.dll	function = CoInitialize, address_out = 0x7ff9315e7e20	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = CryptDecrypt, address_out = 0x7ff931539b10	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = CryptImportKey, address_out = 0x7ff9315353f0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = SetFilePointerEx, address_out = 0x7ff92fdf2520	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = CopyFileW, address_out = 0x7ff92fdf2770	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = FreeLibrary, address_out = 0x7ff92fdebf60	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = CreateProcessW, address_out = 0x7ff92fdeba30	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = CreateDirectoryW, address_out = 0x7ff92fdf20d0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = CreateThread, address_out = 0x7ff92fde9940	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = CryptDestroyKey, address_out = 0x7ff9315357e0	1	Fn
Get Address	c:\windows\system32\ole32.dll	function = CoCreateInstance, address_out = 0x7ff92fad5110	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = CreateFileW, address_out = 0x7ff92fdf2100	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetFileAttributesA, address_out = 0x7ff92fdf22d0	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = CryptEncrypt, address_out = 0x7ff93153a1a0	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = RegDeleteValueW, address_out = 0x7ff9315382d0	1	Fn

System (10)

Operation	Additional Information	Count	Logfile
Sleep	duration = 5000 milliseconds (5.000 seconds)	1	Fn
Sleep	duration = 9000 milliseconds (9.000 seconds)	4	Fn
Get Info	type = Operating System	1	Fn
Get Info	type = Windows Directory, result_out = C:\WINDOWS	4	Fn

Process #7: taskhostw.exe

Information	Value
ID	#7
File Name	c:\windows\system32\taskhostw.exe
Command Line	taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
Initial Working Directory	C:\WINDOWS\system32\
Monitor	Start Time: 00:00:39, Reason: Injection
Unmonitor	End Time: 00:04:24, Reason: Terminated by Timeout
Monitor Duration	00:03:45

OS Process Information

Information	Value
PID	0x7ac
Parent PID	0x3c0 (c:\windows\system32\svchost.exe)
Bitness	64-bit
Is Created or Modified Executable
Integrity Level	Medium
Username	NQDPDE\FD1HVy
Enabled Privileges	SeChangeNotifyPrivilege
Thread IDs	0x B64 0x 98C 0x 8EC 0x 8B4 0x B78 0x B14 0x 830 0x 82C 0x 820 0x 818 0x 814 0x 780 0x 6B0 0x 680 0x 40C 0x 7B0 0x F08 0x F00

Memory Dumps

Name	Start VA	End VA	Dump Reason	PE Rebuilds	Bitness	Entry Points	AV	YARA	Actions
taskhostw.exe	0x7FF638680000	0x7FF638697FFF	Relevant Image	-	64-bit	-			... Region Actions Download Dump

Injection Information

Injection Type	Source Process	Source Os Thread ID	Information	Success	Count	Logfile
Create Remote Thread	#1: c:\users\fd1hvy\desktop\dfylx.exe	0xda4	address = 0x7ff7f2c61ad0		1	Fn

Host Behavior

File (4)

Operation	Filename	Additional Information	Success	Count	Logfile
Create	C:\users\Public\sys	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN		4	Fn

Module (78)

Operation	Module	Additional Information	Count	Logfile
Load	kernel32.dll	base_address = 0x7ff92fdd0000	1	Fn
Load	mpr.dll	base_address = 0x7ff9232d0000	1	Fn
Load	advapi32.dll	base_address = 0x7ff931520000	1	Fn
Load	ole32.dll	base_address = 0x7ff9315e0000	1	Fn
Load	Shell32.dll	base_address = 0x7ff9300e0000	1	Fn
Load	Iphlpapi.dll	base_address = 0x7ff92da00000	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = LoadLibraryA, address_out = 0x7ff92fdee490	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetLastError, address_out = 0x7ff92fde33c0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = VirtualFree, address_out = 0x7ff92fdea3e0	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = CryptExportKey, address_out = 0x7ff931535410	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = DeleteFileW, address_out = 0x7ff92fdf2130	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetDriveTypeW, address_out = 0x7ff92fdf22c0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetCommandLineW, address_out = 0x7ff92fdedbe0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetStartupInfoW, address_out = 0x7ff92fdebf50	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = FindNextFileW, address_out = 0x7ff92fdf2230	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = VirtualAlloc, address_out = 0x7ff92fde97f0	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = GetUserNameA, address_out = 0x7ff9315622e0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = ExitProcess, address_out = 0x7ff92fdec0d0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = Wow64RevertWow64FsRedirection, address_out = 0x7ff92fe07cd0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = CreateProcessA, address_out = 0x7ff92fdeb190	1	Fn
Get Address	c:\windows\system32\iphlpapi.dll	function = GetIpNetTable, address_out = 0x7ff92da0fcc0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetVersionExW, address_out = 0x7ff92fde9a70	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = Wow64DisableWow64FsRedirection, address_out = 0x7ff92fe07cc0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetSystemDefaultLangID, address_out = 0x7ff92fdee860	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = GetUserNameW, address_out = 0x7ff9315353c0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = ReadFile, address_out = 0x7ff92fdf2480	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = RegQueryValueExA, address_out = 0x7ff9315354e0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = CloseHandle, address_out = 0x7ff92fdf1ea0	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = RegSetValueExW, address_out = 0x7ff931535370	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = RegCloseKey, address_out = 0x7ff931534c50	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = CopyFileA, address_out = 0x7ff92fe2a370	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = SetFileAttributesW, address_out = 0x7ff92fdf24f0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = WinExec, address_out = 0x7ff92fe2e3b0	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = CryptDeriveKey, address_out = 0x7ff93154a740	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = CryptGenKey, address_out = 0x7ff931539be0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = Sleep, address_out = 0x7ff92fde3410	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetCurrentProcess, address_out = 0x7ff92fdf1e00	1	Fn
Get Address	c:\windows\system32\shell32.dll	function = ShellExecuteW, address_out = 0x7ff9301df5d0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetFileSize, address_out = 0x7ff92fdf2320	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GlobalAlloc, address_out = 0x7ff92fde7fb0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = FindClose, address_out = 0x7ff92fdf2160	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = WaitForMultipleObjects, address_out = 0x7ff92fdf2070	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetModuleFileNameA, address_out = 0x7ff92fdee000	1	Fn
Get Address	c:\windows\system32\shell32.dll	function = ShellExecuteA, address_out = 0x7ff9302a1600	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetModuleHandleA, address_out = 0x7ff92fdec1a0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetModuleFileNameW, address_out = 0x7ff92fdebfa0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = CreateFileA, address_out = 0x7ff92fdf20f0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetFileSizeEx, address_out = 0x7ff92fdf2330	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = WriteFile, address_out = 0x7ff92fdf2570	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetLogicalDrives, address_out = 0x7ff92fde8dd0	1	Fn
Get Address	c:\windows\system32\mpr.dll	function = WNetEnumResourceW, address_out = 0x7ff9232d12d0	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = RegOpenKeyExW, address_out = 0x7ff931534aa0	1	Fn
Get Address	c:\windows\system32\mpr.dll	function = WNetCloseEnum, address_out = 0x7ff9232d14f0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetWindowsDirectoryW, address_out = 0x7ff92fdee9f0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = SetFileAttributesA, address_out = 0x7ff92fdf24e0	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = RegOpenKeyExA, address_out = 0x7ff9315353b0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = SetFilePointer, address_out = 0x7ff92fdf2510	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetTickCount, address_out = 0x7ff92fde33d0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetFileAttributesW, address_out = 0x7ff92fdf2300	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = FindFirstFileW, address_out = 0x7ff92fdf21e0	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = CryptAcquireContextW, address_out = 0x7ff931535a10	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = MoveFileExW, address_out = 0x7ff92fdeec60	1	Fn
Get Address	c:\windows\system32\mpr.dll	function = WNetOpenEnumW, address_out = 0x7ff9232d15e0	1	Fn
Get Address	c:\windows\system32\ole32.dll	function = CoInitialize, address_out = 0x7ff9315e7e20	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = CryptDecrypt, address_out = 0x7ff931539b10	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = CryptImportKey, address_out = 0x7ff9315353f0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = SetFilePointerEx, address_out = 0x7ff92fdf2520	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = CopyFileW, address_out = 0x7ff92fdf2770	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = FreeLibrary, address_out = 0x7ff92fdebf60	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = CreateProcessW, address_out = 0x7ff92fdeba30	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = CreateDirectoryW, address_out = 0x7ff92fdf20d0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = CreateThread, address_out = 0x7ff92fde9940	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = CryptDestroyKey, address_out = 0x7ff9315357e0	1	Fn
Get Address	c:\windows\system32\ole32.dll	function = CoCreateInstance, address_out = 0x7ff92fad5110	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = CreateFileW, address_out = 0x7ff92fdf2100	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetFileAttributesA, address_out = 0x7ff92fdf22d0	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = CryptEncrypt, address_out = 0x7ff93153a1a0	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = RegDeleteValueW, address_out = 0x7ff9315382d0	1	Fn

System (10)

Operation	Additional Information	Count	Logfile
Sleep	duration = 5000 milliseconds (5.000 seconds)	1	Fn
Sleep	duration = 9000 milliseconds (9.000 seconds)	4	Fn
Get Info	type = Operating System	1	Fn
Get Info	type = Windows Directory, result_out = C:\WINDOWS	4	Fn

Process #8: reg.exe

Information	Value
ID	#8
File Name	c:\windows\system32\reg.exe
Command Line	REG ADD "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "svchos" /t REG_SZ /d "C:\Users\FD1HVy\Desktop\DfyLx.exe" /f
Initial Working Directory	C:\Users\FD1HVy\Desktop\
Monitor	Start Time: 00:00:39, Reason: Child Process
Unmonitor	End Time: 00:00:41, Reason: Self Terminated
Monitor Duration	00:00:01

OS Process Information

Information	Value
PID	0x174
Parent PID	0x1b4 (c:\windows\system32\cmd.exe)
Bitness	64-bit
Is Created or Modified Executable
Integrity Level	High (Elevated)
Username	NQDPDE\FD1HVy
Enabled Privileges	SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs	0x EE8 0x D94

Host Behavior

File (6)

Operation	Filename	Additional Information	Count	Logfile
Get Info	STD_OUTPUT_HANDLE	type = file_type	2	Fn
Open	STD_OUTPUT_HANDLE	-	3	Fn
Write	STD_OUTPUT_HANDLE	size = 39	1	Fn Data

Registry (4)

Operation	Key	Additional Information	Count	Logfile
Create Key	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run	-	1	Fn
Open Key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System	-	1	Fn
Read Value	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run	value_name = svchos	1	Fn
Write Value	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run	value_name = svchos, data = C:\Users\FD1HVy\Desktop\DfyLx.exe, size = 68, type = REG_SZ	1	Fn

Module (1)

Operation	Module	Additional Information	Success	Count	Logfile
Get Handle	c:\windows\system32\reg.exe	base_address = 0x7ff792660000		1	Fn

Process #9: shellexperiencehost.exe

Information	Value
ID	#9
File Name	c:\windows\systemapps\shellexperiencehost_cw5n1h2txyewy\shellexperiencehost.exe
Command Line	"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
Initial Working Directory	C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\
Monitor	Start Time: 00:00:40, Reason: Injection
Unmonitor	End Time: 00:04:24, Reason: Terminated by Timeout
Monitor Duration	00:03:44
Remark	No high level activity detected in monitored regions

OS Process Information

Information	Value
PID	0xb50
Parent PID	0x2b4 (c:\windows\system32\svchost.exe)
Bitness	64-bit
Is Created or Modified Executable
Integrity Level	Low
Username	NQDPDE\FD1HVy
Enabled Privileges	SeChangeNotifyPrivilege
Thread IDs	0x E34 0x DE8 0x DE4 0x DE0 0x CB4 0x CB0 0x CA8 0x CA4 0x C08 0x 6E0 0x 6D0 0x 8C8 0x 69C 0x 79C 0x 634 0x BE0 0x BDC 0x BD4 0x BD0 0x BA4 0x BA0 0x B9C 0x B94 0x B8C 0x B88 0x B68 0x B54 0x 3FC

Injection Information

Injection Type	Source Process	Source Os Thread ID	Information	Success	Count	Logfile
Create Remote Thread	#1: c:\users\fd1hvy\desktop\dfylx.exe	0xda4	address = 0x7ff7f2c61ad0		1	Fn

Process #10: searchui.exe

Information	Value
ID	#10
File Name	c:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe
Command Line	"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
Initial Working Directory	C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\
Monitor	Start Time: 00:00:43, Reason: Injection
Unmonitor	End Time: 00:04:24, Reason: Terminated by Timeout
Monitor Duration	00:03:41
Remark	No high level activity detected in monitored regions

OS Process Information

Information	Value
PID	0xb58
Parent PID	0x2b4 (c:\windows\system32\svchost.exe)
Bitness	64-bit
Is Created or Modified Executable
Integrity Level	Low
Username	NQDPDE\FD1HVy
Enabled Privileges	SeChangeNotifyPrivilege
Thread IDs	0x DD4 0x DD0 0x B74 0x B70 0x 590 0x 578 0x 6C4 0x 6D4 0x 588 0x 828 0x 630 0x 7C4 0x 7A0 0x 438 0x 778 0x 50C 0x BF0 0x BD8 0x BCC 0x BC8 0x BC4 0x BC0 0x BB8 0x BB0 0x BAC 0x BA8 0x B7C 0x B5C 0x D48

Injection Information

Injection Type	Source Process	Source Os Thread ID	Information	Success	Count	Logfile
Create Remote Thread	#1: c:\users\fd1hvy\desktop\dfylx.exe	0xda4	address = 0x7ff7f2c61ad0		1	Fn

Process #11: runtimebroker.exe

Information	Value
ID	#11
File Name	c:\windows\system32\runtimebroker.exe
Command Line	C:\Windows\System32\RuntimeBroker.exe -Embedding
Initial Working Directory	C:\WINDOWS\system32\
Monitor	Start Time: 00:00:46, Reason: Injection
Unmonitor	End Time: 00:04:24, Reason: Terminated by Timeout
Monitor Duration	00:03:38

OS Process Information

Information	Value
PID	0xbf4
Parent PID	0x2b4 (c:\windows\system32\svchost.exe)
Bitness	64-bit
Is Created or Modified Executable
Integrity Level	Medium
Username	NQDPDE\FD1HVy
Enabled Privileges	SeChangeNotifyPrivilege
Thread IDs	0x 734 0x A0C 0x 8AC 0x 57C 0x 61C 0x BF8 0x 260 0x 108C

Memory Dumps

Name	Start VA	End VA	Dump Reason	PE Rebuilds	Bitness	Entry Points	AV	YARA	Actions
runtimebroker.exe	0x7FF7D7FC0000	0x7FF7D7FD5FFF	Relevant Image	-	64-bit	-			... Region Actions Download Dump

Injection Information

Injection Type	Source Process	Source Os Thread ID	Information	Success	Count	Logfile
Create Remote Thread	#1: c:\users\fd1hvy\desktop\dfylx.exe	0xda4	address = 0x7ff7f2c61ad0		1	Fn

Host Behavior

File (3)

Operation	Filename	Additional Information	Success	Count	Logfile
Create	C:\users\Public\sys	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN		3	Fn

Module (78)

Operation	Module	Additional Information	Count	Logfile
Load	kernel32.dll	base_address = 0x7ff92fdd0000	1	Fn
Load	mpr.dll	base_address = 0x7ff9232d0000	1	Fn
Load	advapi32.dll	base_address = 0x7ff931520000	1	Fn
Load	ole32.dll	base_address = 0x7ff9315e0000	1	Fn
Load	Shell32.dll	base_address = 0x7ff9300e0000	1	Fn
Load	Iphlpapi.dll	base_address = 0x7ff92da00000	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = LoadLibraryA, address_out = 0x7ff92fdee490	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetLastError, address_out = 0x7ff92fde33c0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = VirtualFree, address_out = 0x7ff92fdea3e0	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = CryptExportKey, address_out = 0x7ff931535410	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = DeleteFileW, address_out = 0x7ff92fdf2130	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetDriveTypeW, address_out = 0x7ff92fdf22c0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetCommandLineW, address_out = 0x7ff92fdedbe0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetStartupInfoW, address_out = 0x7ff92fdebf50	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = FindNextFileW, address_out = 0x7ff92fdf2230	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = VirtualAlloc, address_out = 0x7ff92fde97f0	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = GetUserNameA, address_out = 0x7ff9315622e0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = ExitProcess, address_out = 0x7ff92fdec0d0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = Wow64RevertWow64FsRedirection, address_out = 0x7ff92fe07cd0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = CreateProcessA, address_out = 0x7ff92fdeb190	1	Fn
Get Address	c:\windows\system32\iphlpapi.dll	function = GetIpNetTable, address_out = 0x7ff92da0fcc0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetVersionExW, address_out = 0x7ff92fde9a70	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = Wow64DisableWow64FsRedirection, address_out = 0x7ff92fe07cc0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetSystemDefaultLangID, address_out = 0x7ff92fdee860	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = GetUserNameW, address_out = 0x7ff9315353c0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = ReadFile, address_out = 0x7ff92fdf2480	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = RegQueryValueExA, address_out = 0x7ff9315354e0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = CloseHandle, address_out = 0x7ff92fdf1ea0	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = RegSetValueExW, address_out = 0x7ff931535370	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = RegCloseKey, address_out = 0x7ff931534c50	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = CopyFileA, address_out = 0x7ff92fe2a370	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = SetFileAttributesW, address_out = 0x7ff92fdf24f0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = WinExec, address_out = 0x7ff92fe2e3b0	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = CryptDeriveKey, address_out = 0x7ff93154a740	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = CryptGenKey, address_out = 0x7ff931539be0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = Sleep, address_out = 0x7ff92fde3410	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetCurrentProcess, address_out = 0x7ff92fdf1e00	1	Fn
Get Address	c:\windows\system32\shell32.dll	function = ShellExecuteW, address_out = 0x7ff9301df5d0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetFileSize, address_out = 0x7ff92fdf2320	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GlobalAlloc, address_out = 0x7ff92fde7fb0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = FindClose, address_out = 0x7ff92fdf2160	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = WaitForMultipleObjects, address_out = 0x7ff92fdf2070	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetModuleFileNameA, address_out = 0x7ff92fdee000	1	Fn
Get Address	c:\windows\system32\shell32.dll	function = ShellExecuteA, address_out = 0x7ff9302a1600	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetModuleHandleA, address_out = 0x7ff92fdec1a0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetModuleFileNameW, address_out = 0x7ff92fdebfa0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = CreateFileA, address_out = 0x7ff92fdf20f0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetFileSizeEx, address_out = 0x7ff92fdf2330	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = WriteFile, address_out = 0x7ff92fdf2570	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetLogicalDrives, address_out = 0x7ff92fde8dd0	1	Fn
Get Address	c:\windows\system32\mpr.dll	function = WNetEnumResourceW, address_out = 0x7ff9232d12d0	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = RegOpenKeyExW, address_out = 0x7ff931534aa0	1	Fn
Get Address	c:\windows\system32\mpr.dll	function = WNetCloseEnum, address_out = 0x7ff9232d14f0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetWindowsDirectoryW, address_out = 0x7ff92fdee9f0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = SetFileAttributesA, address_out = 0x7ff92fdf24e0	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = RegOpenKeyExA, address_out = 0x7ff9315353b0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = SetFilePointer, address_out = 0x7ff92fdf2510	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetTickCount, address_out = 0x7ff92fde33d0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetFileAttributesW, address_out = 0x7ff92fdf2300	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = FindFirstFileW, address_out = 0x7ff92fdf21e0	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = CryptAcquireContextW, address_out = 0x7ff931535a10	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = MoveFileExW, address_out = 0x7ff92fdeec60	1	Fn
Get Address	c:\windows\system32\mpr.dll	function = WNetOpenEnumW, address_out = 0x7ff9232d15e0	1	Fn
Get Address	c:\windows\system32\ole32.dll	function = CoInitialize, address_out = 0x7ff9315e7e20	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = CryptDecrypt, address_out = 0x7ff931539b10	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = CryptImportKey, address_out = 0x7ff9315353f0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = SetFilePointerEx, address_out = 0x7ff92fdf2520	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = CopyFileW, address_out = 0x7ff92fdf2770	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = FreeLibrary, address_out = 0x7ff92fdebf60	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = CreateProcessW, address_out = 0x7ff92fdeba30	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = CreateDirectoryW, address_out = 0x7ff92fdf20d0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = CreateThread, address_out = 0x7ff92fde9940	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = CryptDestroyKey, address_out = 0x7ff9315357e0	1	Fn
Get Address	c:\windows\system32\ole32.dll	function = CoCreateInstance, address_out = 0x7ff92fad5110	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = CreateFileW, address_out = 0x7ff92fdf2100	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetFileAttributesA, address_out = 0x7ff92fdf22d0	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = CryptEncrypt, address_out = 0x7ff93153a1a0	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = RegDeleteValueW, address_out = 0x7ff9315382d0	1	Fn

System (8)

Operation	Additional Information	Count	Logfile
Sleep	duration = 5000 milliseconds (5.000 seconds)	1	Fn
Sleep	duration = 9000 milliseconds (9.000 seconds)	3	Fn
Get Info	type = Operating System	1	Fn
Get Info	type = Windows Directory, result_out = C:\WINDOWS	3	Fn

Process #12: taskhostw.exe

Information	Value
ID	#12
File Name	c:\windows\system32\taskhostw.exe
Command Line	taskhostw.exe
Initial Working Directory	C:\WINDOWS\system32\
Monitor	Start Time: 00:00:48, Reason: Injection
Unmonitor	End Time: 00:01:04, Reason: Self Terminated
Monitor Duration	00:00:15

OS Process Information

Information	Value
PID	0xf14
Parent PID	0x3c0 (c:\windows\system32\svchost.exe)
Bitness	64-bit
Is Created or Modified Executable
Integrity Level	Medium
Username	NQDPDE\FD1HVy
Enabled Privileges	SeChangeNotifyPrivilege
Thread IDs	0x 1A4 0x E00 0x 390 0x C70 0x FB8 0x F60 0x F5C 0x F58 0x F40 0x F20 0x F18 0x 1090

Memory Dumps

Name	Start VA	End VA	Dump Reason	PE Rebuilds	Bitness	Entry Points	AV	YARA	Actions
taskhostw.exe	0x7FF638680000	0x7FF638697FFF	Relevant Image	-	64-bit	-			... Region Actions Download Dump

Injection Information

Injection Type	Source Process	Source Os Thread ID	Information	Success	Count	Logfile
Create Remote Thread	#1: c:\users\fd1hvy\desktop\dfylx.exe	0xda4	address = 0x7ff7f2c61ad0		1	Fn

Host Behavior

File (1)

Operation	Filename	Additional Information	Success	Count	Logfile
Create	C:\users\Public\sys	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN		1	Fn

Module (78)

Operation	Module	Additional Information	Count	Logfile
Load	kernel32.dll	base_address = 0x7ff92fdd0000	1	Fn
Load	mpr.dll	base_address = 0x7ff9232d0000	1	Fn
Load	advapi32.dll	base_address = 0x7ff931520000	1	Fn
Load	ole32.dll	base_address = 0x7ff9315e0000	1	Fn
Load	Shell32.dll	base_address = 0x7ff9300e0000	1	Fn
Load	Iphlpapi.dll	base_address = 0x7ff92da00000	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = LoadLibraryA, address_out = 0x7ff92fdee490	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetLastError, address_out = 0x7ff92fde33c0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = VirtualFree, address_out = 0x7ff92fdea3e0	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = CryptExportKey, address_out = 0x7ff931535410	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = DeleteFileW, address_out = 0x7ff92fdf2130	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetDriveTypeW, address_out = 0x7ff92fdf22c0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetCommandLineW, address_out = 0x7ff92fdedbe0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetStartupInfoW, address_out = 0x7ff92fdebf50	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = FindNextFileW, address_out = 0x7ff92fdf2230	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = VirtualAlloc, address_out = 0x7ff92fde97f0	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = GetUserNameA, address_out = 0x7ff9315622e0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = ExitProcess, address_out = 0x7ff92fdec0d0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = Wow64RevertWow64FsRedirection, address_out = 0x7ff92fe07cd0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = CreateProcessA, address_out = 0x7ff92fdeb190	1	Fn
Get Address	c:\windows\system32\iphlpapi.dll	function = GetIpNetTable, address_out = 0x7ff92da0fcc0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetVersionExW, address_out = 0x7ff92fde9a70	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = Wow64DisableWow64FsRedirection, address_out = 0x7ff92fe07cc0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetSystemDefaultLangID, address_out = 0x7ff92fdee860	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = GetUserNameW, address_out = 0x7ff9315353c0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = ReadFile, address_out = 0x7ff92fdf2480	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = RegQueryValueExA, address_out = 0x7ff9315354e0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = CloseHandle, address_out = 0x7ff92fdf1ea0	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = RegSetValueExW, address_out = 0x7ff931535370	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = RegCloseKey, address_out = 0x7ff931534c50	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = CopyFileA, address_out = 0x7ff92fe2a370	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = SetFileAttributesW, address_out = 0x7ff92fdf24f0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = WinExec, address_out = 0x7ff92fe2e3b0	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = CryptDeriveKey, address_out = 0x7ff93154a740	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = CryptGenKey, address_out = 0x7ff931539be0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = Sleep, address_out = 0x7ff92fde3410	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetCurrentProcess, address_out = 0x7ff92fdf1e00	1	Fn
Get Address	c:\windows\system32\shell32.dll	function = ShellExecuteW, address_out = 0x7ff9301df5d0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetFileSize, address_out = 0x7ff92fdf2320	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GlobalAlloc, address_out = 0x7ff92fde7fb0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = FindClose, address_out = 0x7ff92fdf2160	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = WaitForMultipleObjects, address_out = 0x7ff92fdf2070	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetModuleFileNameA, address_out = 0x7ff92fdee000	1	Fn
Get Address	c:\windows\system32\shell32.dll	function = ShellExecuteA, address_out = 0x7ff9302a1600	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetModuleHandleA, address_out = 0x7ff92fdec1a0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetModuleFileNameW, address_out = 0x7ff92fdebfa0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = CreateFileA, address_out = 0x7ff92fdf20f0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetFileSizeEx, address_out = 0x7ff92fdf2330	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = WriteFile, address_out = 0x7ff92fdf2570	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetLogicalDrives, address_out = 0x7ff92fde8dd0	1	Fn
Get Address	c:\windows\system32\mpr.dll	function = WNetEnumResourceW, address_out = 0x7ff9232d12d0	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = RegOpenKeyExW, address_out = 0x7ff931534aa0	1	Fn
Get Address	c:\windows\system32\mpr.dll	function = WNetCloseEnum, address_out = 0x7ff9232d14f0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetWindowsDirectoryW, address_out = 0x7ff92fdee9f0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = SetFileAttributesA, address_out = 0x7ff92fdf24e0	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = RegOpenKeyExA, address_out = 0x7ff9315353b0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = SetFilePointer, address_out = 0x7ff92fdf2510	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetTickCount, address_out = 0x7ff92fde33d0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetFileAttributesW, address_out = 0x7ff92fdf2300	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = FindFirstFileW, address_out = 0x7ff92fdf21e0	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = CryptAcquireContextW, address_out = 0x7ff931535a10	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = MoveFileExW, address_out = 0x7ff92fdeec60	1	Fn
Get Address	c:\windows\system32\mpr.dll	function = WNetOpenEnumW, address_out = 0x7ff9232d15e0	1	Fn
Get Address	c:\windows\system32\ole32.dll	function = CoInitialize, address_out = 0x7ff9315e7e20	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = CryptDecrypt, address_out = 0x7ff931539b10	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = CryptImportKey, address_out = 0x7ff9315353f0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = SetFilePointerEx, address_out = 0x7ff92fdf2520	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = CopyFileW, address_out = 0x7ff92fdf2770	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = FreeLibrary, address_out = 0x7ff92fdebf60	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = CreateProcessW, address_out = 0x7ff92fdeba30	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = CreateDirectoryW, address_out = 0x7ff92fdf20d0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = CreateThread, address_out = 0x7ff92fde9940	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = CryptDestroyKey, address_out = 0x7ff9315357e0	1	Fn
Get Address	c:\windows\system32\ole32.dll	function = CoCreateInstance, address_out = 0x7ff92fad5110	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = CreateFileW, address_out = 0x7ff92fdf2100	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetFileAttributesA, address_out = 0x7ff92fdf22d0	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = CryptEncrypt, address_out = 0x7ff93153a1a0	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = RegDeleteValueW, address_out = 0x7ff9315382d0	1	Fn

System (4)

Operation	Additional Information	Count	Logfile
Sleep	duration = 5000 milliseconds (5.000 seconds)	1	Fn
Sleep	duration = 9000 milliseconds (9.000 seconds)	1	Fn
Get Info	type = Operating System	1	Fn
Get Info	type = Windows Directory, result_out = C:\WINDOWS	1	Fn

Process #13: msoia.exe

Information	Value
ID	#13
File Name	c:\program files\microsoft office\root\office16\msoia.exe
Command Line	"C:\Program Files\Microsoft Office\root\Office16\msoia.exe" scan upload mininterval:2880
Initial Working Directory	C:\WINDOWS\system32\
Monitor	Start Time: 00:00:50, Reason: Injection
Unmonitor	End Time: 00:04:24, Reason: Terminated by Timeout
Monitor Duration	00:03:34
Remark	No high level activity detected in monitored regions

OS Process Information

Information	Value
PID	0xfd0
Parent PID	0x3c0 (c:\windows\system32\svchost.exe)
Bitness	64-bit
Is Created or Modified Executable
Integrity Level	Medium
Username	NQDPDE\FD1HVy
Enabled Privileges	SeChangeNotifyPrivilege
Thread IDs	0x DF0 0x FD4 0x 1228 0x 10FC

Injection Information

Injection Type	Source Process	Source Os Thread ID	Information	Success	Count	Logfile
Create Remote Thread	#1: c:\users\fd1hvy\desktop\dfylx.exe	0xda4	address = 0x7ff7f2c61ad0		1	Fn

Process #14: msoia.exe

Information	Value
ID	#14
File Name	c:\program files\microsoft office\root\office16\msoia.exe
Command Line	"C:\Program Files\Microsoft Office\root\Office16\msoia.exe" scan upload
Initial Working Directory	C:\WINDOWS\system32\
Monitor	Start Time: 00:00:51, Reason: Injection
Unmonitor	End Time: 00:04:24, Reason: Terminated by Timeout
Monitor Duration	00:03:33
Remark	No high level activity detected in monitored regions

OS Process Information

Information	Value
PID	0xff8
Parent PID	0x3c0 (c:\windows\system32\svchost.exe)
Bitness	64-bit
Is Created or Modified Executable
Integrity Level	Medium
Username	NQDPDE\FD1HVy
Enabled Privileges	SeChangeNotifyPrivilege
Thread IDs	0x E80 0x FFC 0x 1544 0x 149C

Injection Information

Injection Type	Source Process	Source Os Thread ID	Information	Success	Count	Logfile
Create Remote Thread	#1: c:\users\fd1hvy\desktop\dfylx.exe	0xda4	address = 0x7ff7f2c61ad0		1	Fn

Process #15: apphostregistrationverifier.exe

Information	Value
ID	#15
File Name	c:\windows\system32\apphostregistrationverifier.exe
Command Line	C:\WINDOWS\system32\AppHostRegistrationVerifier.exe
Initial Working Directory	C:\WINDOWS\system32\
Monitor	Start Time: 00:00:52, Reason: Injection
Unmonitor	End Time: 00:04:24, Reason: Terminated by Timeout
Monitor Duration	00:03:32
Remark	No high level activity detected in monitored regions

OS Process Information

Information	Value
PID	0xc14
Parent PID	0x3c0 (c:\windows\system32\svchost.exe)
Bitness	64-bit
Is Created or Modified Executable
Integrity Level	Medium
Username	NQDPDE\FD1HVy
Enabled Privileges	SeChangeNotifyPrivilege
Thread IDs	0x A8C 0x D34 0x 490 0x 408 0x 9C0 0x 1280 0x 16C8

Injection Information

Injection Type	Source Process	Source Os Thread ID	Information	Success	Count	Logfile
Create Remote Thread	#1: c:\users\fd1hvy\desktop\dfylx.exe	0xda4	address = 0x7ff7f2c61ad0		1	Fn

Process #16: dllhost.exe

Information	Value
ID	#16
File Name	c:\windows\system32\dllhost.exe
Command Line	C:\WINDOWS\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Initial Working Directory	C:\WINDOWS\system32\
Monitor	Start Time: 00:01:04, Reason: Injection
Unmonitor	End Time: 00:04:24, Reason: Terminated by Timeout
Monitor Duration	00:03:20

OS Process Information

Information	Value
PID	0x7fc
Parent PID	0x2b4 (c:\windows\system32\svchost.exe)
Bitness	64-bit
Is Created or Modified Executable
Integrity Level	Medium
Username	NQDPDE\FD1HVy
Enabled Privileges	SeChangeNotifyPrivilege
Thread IDs	0x CAC 0x DC4 0x DB0 0x DA8 0x DBC 0x DB8 0x CC4 0x BE4 0x 46F0

Injection Information

Injection Type	Source Process	Source Os Thread ID	Information	Success	Count	Logfile
Create Remote Thread	#1: c:\users\fd1hvy\desktop\dfylx.exe	0xda4	address = 0x7ff7f2c61ad0		1	Fn

Host Behavior

File (1)

Operation	Filename	Additional Information	Success	Count	Logfile
Create	C:\users\Public\sys	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN		1	Fn

Module (78)

Operation	Module	Additional Information	Count	Logfile
Load	kernel32.dll	base_address = 0x7ff92fdd0000	1	Fn
Load	mpr.dll	base_address = 0x7ff9232d0000	1	Fn
Load	advapi32.dll	base_address = 0x7ff931520000	1	Fn
Load	ole32.dll	base_address = 0x7ff9315e0000	1	Fn
Load	Shell32.dll	base_address = 0x7ff9300e0000	1	Fn
Load	Iphlpapi.dll	base_address = 0x7ff92da00000	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = LoadLibraryA, address_out = 0x7ff92fdee490	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetLastError, address_out = 0x7ff92fde33c0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = VirtualFree, address_out = 0x7ff92fdea3e0	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = CryptExportKey, address_out = 0x7ff931535410	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = DeleteFileW, address_out = 0x7ff92fdf2130	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetDriveTypeW, address_out = 0x7ff92fdf22c0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetCommandLineW, address_out = 0x7ff92fdedbe0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetStartupInfoW, address_out = 0x7ff92fdebf50	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = FindNextFileW, address_out = 0x7ff92fdf2230	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = VirtualAlloc, address_out = 0x7ff92fde97f0	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = GetUserNameA, address_out = 0x7ff9315622e0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = ExitProcess, address_out = 0x7ff92fdec0d0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = Wow64RevertWow64FsRedirection, address_out = 0x7ff92fe07cd0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = CreateProcessA, address_out = 0x7ff92fdeb190	1	Fn
Get Address	c:\windows\system32\iphlpapi.dll	function = GetIpNetTable, address_out = 0x7ff92da0fcc0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetVersionExW, address_out = 0x7ff92fde9a70	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = Wow64DisableWow64FsRedirection, address_out = 0x7ff92fe07cc0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetSystemDefaultLangID, address_out = 0x7ff92fdee860	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = GetUserNameW, address_out = 0x7ff9315353c0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = ReadFile, address_out = 0x7ff92fdf2480	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = RegQueryValueExA, address_out = 0x7ff9315354e0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = CloseHandle, address_out = 0x7ff92fdf1ea0	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = RegSetValueExW, address_out = 0x7ff931535370	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = RegCloseKey, address_out = 0x7ff931534c50	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = CopyFileA, address_out = 0x7ff92fe2a370	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = SetFileAttributesW, address_out = 0x7ff92fdf24f0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = WinExec, address_out = 0x7ff92fe2e3b0	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = CryptDeriveKey, address_out = 0x7ff93154a740	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = CryptGenKey, address_out = 0x7ff931539be0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = Sleep, address_out = 0x7ff92fde3410	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetCurrentProcess, address_out = 0x7ff92fdf1e00	1	Fn
Get Address	c:\windows\system32\shell32.dll	function = ShellExecuteW, address_out = 0x7ff9301df5d0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetFileSize, address_out = 0x7ff92fdf2320	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GlobalAlloc, address_out = 0x7ff92fde7fb0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = FindClose, address_out = 0x7ff92fdf2160	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = WaitForMultipleObjects, address_out = 0x7ff92fdf2070	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetModuleFileNameA, address_out = 0x7ff92fdee000	1	Fn
Get Address	c:\windows\system32\shell32.dll	function = ShellExecuteA, address_out = 0x7ff9302a1600	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetModuleHandleA, address_out = 0x7ff92fdec1a0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetModuleFileNameW, address_out = 0x7ff92fdebfa0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = CreateFileA, address_out = 0x7ff92fdf20f0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetFileSizeEx, address_out = 0x7ff92fdf2330	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = WriteFile, address_out = 0x7ff92fdf2570	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetLogicalDrives, address_out = 0x7ff92fde8dd0	1	Fn
Get Address	c:\windows\system32\mpr.dll	function = WNetEnumResourceW, address_out = 0x7ff9232d12d0	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = RegOpenKeyExW, address_out = 0x7ff931534aa0	1	Fn
Get Address	c:\windows\system32\mpr.dll	function = WNetCloseEnum, address_out = 0x7ff9232d14f0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetWindowsDirectoryW, address_out = 0x7ff92fdee9f0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = SetFileAttributesA, address_out = 0x7ff92fdf24e0	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = RegOpenKeyExA, address_out = 0x7ff9315353b0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = SetFilePointer, address_out = 0x7ff92fdf2510	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetTickCount, address_out = 0x7ff92fde33d0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetFileAttributesW, address_out = 0x7ff92fdf2300	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = FindFirstFileW, address_out = 0x7ff92fdf21e0	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = CryptAcquireContextW, address_out = 0x7ff931535a10	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = MoveFileExW, address_out = 0x7ff92fdeec60	1	Fn
Get Address	c:\windows\system32\mpr.dll	function = WNetOpenEnumW, address_out = 0x7ff9232d15e0	1	Fn
Get Address	c:\windows\system32\ole32.dll	function = CoInitialize, address_out = 0x7ff9315e7e20	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = CryptDecrypt, address_out = 0x7ff931539b10	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = CryptImportKey, address_out = 0x7ff9315353f0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = SetFilePointerEx, address_out = 0x7ff92fdf2520	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = CopyFileW, address_out = 0x7ff92fdf2770	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = FreeLibrary, address_out = 0x7ff92fdebf60	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = CreateProcessW, address_out = 0x7ff92fdeba30	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = CreateDirectoryW, address_out = 0x7ff92fdf20d0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = CreateThread, address_out = 0x7ff92fde9940	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = CryptDestroyKey, address_out = 0x7ff9315357e0	1	Fn
Get Address	c:\windows\system32\ole32.dll	function = CoCreateInstance, address_out = 0x7ff92fad5110	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = CreateFileW, address_out = 0x7ff92fdf2100	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = GetFileAttributesA, address_out = 0x7ff92fdf22d0	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = CryptEncrypt, address_out = 0x7ff93153a1a0	1	Fn
Get Address	c:\windows\system32\advapi32.dll	function = RegDeleteValueW, address_out = 0x7ff9315382d0	1	Fn

System (4)

Operation	Additional Information	Count	Logfile
Sleep	duration = 5000 milliseconds (5.000 seconds)	1	Fn
Sleep	duration = 9000 milliseconds (9.000 seconds)	1	Fn
Get Info	type = Operating System	1	Fn
Get Info	type = Windows Directory, result_out = C:\WINDOWS	1	Fn

Remarks (1/1)

Monitored Processes

Behavior Information - Grouped by Category

Before

After